Can I make a short-lived readonly snapshot for reporting in Azure SQL DB?

I have an Azure SQL DB (OLTP), that is under considerable load, let’s call it AppDB. AppDB is transactionally consistent, but new rows are written to it constantly. Now I need to populate ReportingDB based on AppDB state every 30 minutes. Reporting population job runs several moderately big queries against AppDB, those queries, unfortunately, can’t be wrapped in a transaction but still have to all run on consistent data. That is, I can’t have situation Query 1 runs=> new rows inserted into AppDB => Query 2 runs. All my queries have to see data the way it was when Query 1 started.

I was hoping I can use Snapshots to create a read-only snapshot for Reporting job to use. From description, creation of such a snapshot should be fast and subsequent "copy on write" performance hit should be manageable. Snapshots lifetime would be under 10 minutes on average.

But now it looks like Azure SQL does not support CREATE DATABASE ... AS SNAPSHOT OF ..., it only supports CREATE DATABASE ... AS COPY OF ..., which I expect to be a lot slower (probably not meant to be used for reporting snapshot).

What would be a good way to create quick and short-lived read-only snapshots for reporting in Azure SQL DB?

P.S. We have considered replication, but it is not an option for us at the moment due to policy limitations.

Do long-lived races reach social maturity later than short-lived races? [closed]

In most long-lived player character races’ descriptions I see comments about how fast they physically mature and when they’re considered adults. What I am wondering is how fast they socially mature. This isn’t explicitly mentioned.

I ask because to me it seems obvious that probably most races in their late twenties have finished maturing socially. Sure, their personality will still change, but that’s different than maturity.

I have two thoughts about quickly races would mature.

  1. In some sense your "social maturity" is an accumulation of all your life experiences. In this way all races would mature at the same speed. (As in, maybe they have more or less experiences but there is nothing special about their race that affects it.)
  2. In another way your "social maturity" has to do with how well developed your brain is. Teenagers and people in their early twenties still do not have fully developed brains so still have not reached social maturity. (It may make sense to call this "mental maturity" but I’ve never heard the phrase and it seems needlessly specific.) — This would imply that races that are super intelligent might mature faster and ones that aren’t might mature slower. (A problem with this view is that it tries to make a standard meaning of what maturity means,

My initial guess is that all races mature socially at the same speed but I’m curious if there are answers in the lore.

Avoiding all or nothing on “short-lived” partials

A sort of common trope I encounter in pbta games is moves with a partial that has you succeed but with the effect “lasting only a moment” (or some similar phrasing). The example I am going to work with is Zuko Style from Dungeon World. The text from that move reads:

When you bend a flame to your will, roll+WIS. On a 10+ it does as you command, taking the shape and movement you desire for as long as it has fuel on which to burn. On a 7-9 the effect is short-lived, lasting only a moment.

From the Dungeon World SRD

Some of these moves (all that I am aware of) tend to have a problem where this partial is sort of all or nothing. That is depending on what you are trying to do it either means a partial is indistinguishable from a success or it serves to do nothing (essentially a silent failure). For an example of an “all” case (in my experience most cases of ZS tend to fall into this category):

The players have a plan of attack, their comrades are in wait on a nearby hill and the party is finally in their place. The agreed upon signal is a burst of flame in the sky. When the time comes they pull a fire starter from their adventuring gear, set of a spark to bend it into a skyward burst. The dice hit the table and come up an 8.

Here we have an issue since the effect was only meant to last a moment the partial is no different than a success. There are plenty of interesting things that could happen here that would certainly make good partials but none that seem to fit the wording of the move.

Here is an example of a “nothing” case:

While the players were distracted fighting off the occultists the library of esoterica was caught in the blaze. Scorch-Skin jumps into action swiping their hand to extinguish the flames. The die are cast, and come up 8.

Here extinguishing the flames for a moment is about as useful as not extinguishing the flames at all. And to make matters worse what is almost certainly going to happen next is that Scorch-Skin is going to just try again. It amounts to pretty much just a silent failure.

What ways should a GM handle a partial on Zuko Style that exemplify the principles of Dungeon World? My goal i a solution I can use in any pbta game, but I have chosen to ground the question specifically in Zuko Style and the rules of Dungeon World, so anything beyond that is extra. I’m looking for answers that don’t involve modifying the move itself or breaking the rules of Dungeon World.

Is this security scheme using passwords, short-lived access JWTs, and long-lived refresh tokens a good way to secure a REST API?

I’m trying to secure a REST API that I’m using as a backend for a single-page application. The API provides access to read/create/modify/delete protected resources, based on a set of permissions managed by an administrator. What I’m thinking is the following:

  • All connections must be over HTTPS; plain HTTP requests will be redirected to HTTPS.
  • Users have a username and password, which they create.
  • A client submits a username/password to a /login route; if it’s a valid password for that user, the server will return a short-lived access token and a long-lived refresh token.
    • The access token will be a signed JWT that identifies the user and has an expiration time.
    • The refresh token will be a GUID corresponding to a row in a database table; this row will store the user ID
  • When accessing protected routes (everything but /login), an access token will be required. The server will verify the signature, and if valid, will check the expiration time. If the token is not expired, the user ID will be made available to server-side code for authorization logic.
  • If the access token is expired, the client will automatically submit the refresh token to a /refresh endpoint for requesting a new access token. The server will check the database; if a corresponding row still exists, a new access token will be returned to the client.

Does this scheme sound secure?