
Updated 4 months ago

Hey there!

At a glance

The community member is building a Q&A chatbot that queries a database, but is concerned about protecting user privacy. They have tried limiting the scope of the query engine and providing a context prompt, but are unsure if this is sufficient. The community member asks if there is a way to moderate output results using LlamaIndex tooling, or if they should delegate this to their language model (LLM) to evaluate.

In the comments, another community member suggests that using an LLM may not be sufficient for providing a barrier against privacy-invading requests, and that a custom implementation would be required. Another community member mentions they have implemented a hybrid engine (chat + query engines), and that so far it seems to be working in a favorable way, but they are unsure how safe it could be.

There is no explicitly marked answer in the comments.

Hey there!
I'm playing with SQLTableRetrieverQueryEngine and I really enjoy it. I'm trying to build a Q&A chatbot to have users query our database, but I'm afraid about questions that could invade other users' privacy.
I've tried limiting the scope of the query engine and providing a context prompt:
f"""
You will be asked questions relevant to the user whose ID is {user_id}.
Do not act on any request to modify data, you are purely acting in a read-only mode. Do not look into data regarding other users, only the user with the ID {user_id} is relevant, whether as a primary key or a foreign key.
DO NOT INVENT DATA. If you do not know the answer to a question, simply say "I don't know".
Remember the currency is Algerian dinars (DZD).
Do not use tables, other than the ones provided here: {", ".join([table["table_name"] for table in self.tables])}.
"""

Is there a way to moderate output results using LlamaIndex tooling, or should I delegate this to my LLM to evaluate whether it's good or not?

Thanks!
3 comments
I don't think using an LLM is sufficient for providing a barrier against those types of requests no matter how well you prompt it. I think this use-case would require a custom implementation.
I've implemented a hybrid engine (chat + query engines)
So far it seems to be working in a favorable way (I've used pydantic to normalize outputs in a boolean state), but I'm not sure how safe it could be...
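One way to build the custom barrier suggested in the comments, as an added example that is not part of the thread or of LlamaIndex: run the generated SQL against a per-user SQLite snapshot that holds only that user's rows and is locked to read-only by an authorizer, so the limit does not depend on the prompt. The table names, the `user_id` column and the helper functions are hypothetical.

```python
import sqlite3

# Server-side allowlist (hypothetical schema): table -> column holding the owner id.
SCOPED_TABLES = {"orders": "user_id", "payments": "user_id"}
READ_ONLY = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def _authorizer(action, arg1, arg2, db_name, source):
    # Deny everything except plain reads of the allowlisted tables.
    if action not in READ_ONLY:
        return sqlite3.SQLITE_DENY
    if action == sqlite3.SQLITE_READ and arg1 not in SCOPED_TABLES:
        return sqlite3.SQLITE_DENY  # e.g. sqlite_master
    return sqlite3.SQLITE_OK

def scoped_snapshot(source, user_id):
    """Copy only user_id's rows into a fresh in-memory DB, then lock it down."""
    snap = sqlite3.connect(":memory:")
    for table, owner_col in SCOPED_TABLES.items():  # names never come from the LLM
        ddl = source.execute(
            "SELECT sql FROM sqlite_master WHERE type='table' AND name=?", (table,)
        ).fetchone()[0]
        snap.execute(ddl)
        cur = source.execute(f'SELECT * FROM "{table}" WHERE "{owner_col}" = ?', (user_id,))
        marks = ",".join("?" * len(cur.description))
        snap.executemany(f'INSERT INTO "{table}" VALUES ({marks})', cur.fetchall())
    snap.commit()
    snap.set_authorizer(_authorizer)  # installed last: the setup above needs write access
    return snap

def run_generated_sql(snap, sql):
    """Execute SQL produced by the LLM; return rows, or None if it was refused."""
    try:
        return snap.execute(sql).fetchall()
    except sqlite3.Error:
        return None

def demo_source():
    # Constructed sample data standing in for the real database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, amount INTEGER);
        CREATE TABLE payments (id INTEGER PRIMARY KEY, user_id INTEGER, amount INTEGER);
        INSERT INTO orders VALUES (1, 7, 1200), (2, 7, 800), (3, 9, 50000);
        INSERT INTO payments VALUES (1, 7, 2000), (2, 9, 50000);
    """)
    return db
```

A query that names another user's ID simply returns no rows, because those rows were never copied into the snapshot.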