zlacker

[return to "Ask HN: How do you safely give LLMs SSH/DB access?"]
1. fhub+gz 2026-01-14 20:53:17
>>nico+(OP)
Our solve is to allow it to work with a local dev database and its output is a script. Then that script gets checked into version control (auditable and reviewed). Then that script can be run against production. Slower iteration but worth the tradeoff for us.

Giving an LLM even read access to PII is a big "no" in my book.

On PII, if you need LLMs to work on production extracted data then https://github.com/microsoft/presidio is a pretty good tool to redact PII. Still needs a bit of an audit but as a first pass does a terrific job.
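
A sketch of the redact-then-audit pass described in fhub's comment, added here as an example and not part of the thread. Plain regexes stand in for Presidio's recognizers so it runs offline; the `tickets` table, its rows and all function names are constructed for illustration.

```python
import re
import sqlite3

# Assumption: simple regex detectors in place of Presidio's recognizers.
# Order matters: the SSN pattern runs before the looser phone pattern.
DETECTORS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\+?\d[\d\s().-]{8,}\d"),
}

def redact_value(value):
    """Scan one cell as text; return (cell, [entity labels found])."""
    text, found = str(value), []
    for label, pattern in DETECTORS.items():
        text, n = pattern.subn(f"<{label}>", text)
        found += [label] * n
    # Untouched cells keep their original type (e.g. integer ids).
    return (text if found else value), found

def redact_rows(rows, columns):
    """Redact every cell and count hits per column for the human audit."""
    audit = {c: {} for c in columns}
    safe = []
    for row in rows:
        out = []
        for col, cell in zip(columns, row):
            cell, found = redact_value(cell)
            for label in found:
                audit[col][label] = audit[col].get(label, 0) + 1
            out.append(cell)
        safe.append(tuple(out))
    return safe, audit

def unexpected_columns(audit, declared_pii):
    """Columns where PII turned up although nobody declared them sensitive."""
    return sorted(c for c, hits in audit.items() if hits and c not in declared_pii)

def demo():
    db = sqlite3.connect(":memory:")  # constructed stand-in for a production extract
    db.execute("CREATE TABLE tickets (id INTEGER, email TEXT, note TEXT)")
    db.executemany("INSERT INTO tickets VALUES (?, ?, ?)", [
        (1, "alice@example.com", "Call back on +1 415 555 0100"),
        (2, "bob@example.org", "SSN 123-45-6789 given over chat"),
    ])
    cur = db.execute("SELECT id, email, note FROM tickets ORDER BY id")
    columns = [d[0] for d in cur.description]
    safe, audit = redact_rows(cur.fetchall(), columns)
    # Only `safe` would be handed to the model; `audit` goes to a reviewer.
    return safe, audit, unexpected_columns(audit, declared_pii={"email"})
```

The third return value is the audit worklist: free-text columns such as `note` that carried PII without being declared sensitive.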

2. Volund+RQ 2026-01-14 21:58:32
>>fhub+gz
This. Everything your LLM reads from your database, server, whatever is being sent to your LLM provider. Unless your LLM is local running on your own systems, it shouldn't be given ANY access to production data without vetting it through legal with an eye to your privacy policy and compliance requirements.