-1

In LangChain you define the connection credentials to the database. Finally the "connection string" is passed to the OpenAI models. I consider it dangerous to share with OpenAI.

server = 'server-name'
database = 'db-name'
username = 'username'
password = 'password'

connection_string = f'mssql+pyodbc://{username}:{password}@{server}/{database}?driver=ODBC+Driver+17+for+SQL+Server'
db = SQLDatabase.from_uri(connection_string)
llm = OpenAI(temperature=0, verbose=True)
db_chain = SQLDatabaseChain.from_llm(llm, db, verbose=True)

db_chain.run("Query in natural leanguage")

What can be done about this data insecurity from OpenAI? I am working on Python v3.10.11 and LangChain v0.0.231.

user4157124
  • 2,809
  • 13
  • 27
  • 42
Pool Nolasco
  • 93
  • 1
  • 6
  • Where, in that code, do you believe that your credentials are being shared with OpenAI? – Tim Roberts Sep 01 '23 at 23:42
  • why you want to share credentials with OpenAI, you are connecting to db from local or docker or any other setup, except Open AI keys and prompt information I don;t beleive any other information should be sent to OpenAI – ZKS Sep 02 '23 at 02:56
  • Hi @TimRoberts, Because this information is used by langchain to form the PROMPT and uses the OpenAI models to perform the query for the database. Or am I thinking wrong about how langchain works? – Pool Nolasco Sep 02 '23 at 13:59
  • Hi @ZKS, I am working with a local database. Yeah I agree with you about OpenAI api-key. But then how does langchain work with database? Because I understand that langchain connects with the OpenAI models to form the QUERY for the database, so there it will share the name of the database, the name of the tables, and also the access credentials to the database. of data. The schematics in the langchain documentation do not provide clear information. – Pool Nolasco Sep 02 '23 at 14:08
  • The database object gets the connection string (with the username and password), and using that connection string, `pyodbc` creates a database connection. OpenAI then uses that connection. There is no way to extract the credentials from the connection. It's just for queries. – Tim Roberts Sep 02 '23 at 19:14
  • Remember these are all open source products. You can go look at it yourself. If there were backdoors here, other users who are even more paranoid than you would have spotted it. – Tim Roberts Sep 02 '23 at 19:16

0 Answers0