Phil Factor (11/22/2008)
One slightly scarey thought bothers me though: If the structure and processes of the transaction log were fully documented, then would it then be maliciously hacked? We'd then lose some confidence that we currently have that backups constitute 'evidence'.
I don't think so, no more than modifying data by taking a hex editor to the data file.
First the files are locked for write by SQL while the service is running, so no changes there. Also there are checksums and other protections on both data pages and log pages to detect corruption. SQL considers someone applying a hex editor to the field as corruption.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability