get_col("DESC $table_name", 0) as $column ) { if ($debug) echo("checking $column == $column_name
"); if ($column == $column_name) { return true; } } //didn't find it try to create it. $q = $wpdb->query($create_ddl); // we cannot directly tell that whether this succeeded! foreach ($wpdb->get_col("DESC $table_name", 0) as $column ) { if ($column == $column_name) { return true; } } return false; } } function btc_altertable() { global $tablecomments; $sql = "ALTER TABLE $tablecomments ADD COLUMN comment_reply_ID INT NOT NULL DEFAULT 0;"; maybe_add_column($tablecomments, 'comment_reply_ID', $sql); } function btc_alter_comment($new_id) { global $tablecomments, $wpdb; $sql = "UPDATE $tablecomments SET comment_reply_ID=".$_POST['comment_reply_ID']." WHERE comment_ID = $new_id;"; $wpdb->query($sql); } function briansnestedcomments() { global $font_gets_smaller; if (!($withcomments) && ($single)) return; // You can safely delete the single line below if your threaded comments are up and running btc_altertable(); ?> Usable Security » Blog Archive » Sanitization’s Slippery Slope: The Design and Study of a Text Revision Assistant

Sanitization’s Slippery Slope: The Design and Study of a Text Revision Assistant

July 17, 2009 by Richard Conlan
Richard Chow, Ian Oberst and Jessica Staddon

It is often important to share sensitive documents, but protecting privacy is important.  A typical solution is do redact important bits, but often the redacted information can be recovered.  Another approach is is to sanitize the data by replacing specific terms with more general terms that hide the underlying data without destroying utility.

The researchers created a tool that helps the user discover privacy risks in the document by scanning the terms in the document and comparing against their prevalence on the web and their linkability to known sensitive terms.  The sensitive terms are highlighted to guide the user in sanitizing the document.  As the user makes changes the document is continuously rescored so the user can evaluate the effectiveness of their changes.  The tool also suggests replacement terms that improve privacy.

The study included twelve users instructed to sanitize two short biographies, of Harrison Ford and Steve Buscemi.  Some users behaved differently when they were using the tool than when they weren’t.  It seemed that when users were dealing with unfamiliar topics they relied on the tool’s judgement more than their own.  The privacy achieved was measured by employing Amazon’s Mechanical Turk service to see if the actors could be identified by the sanitized biographies.  The study was focused on preserving privacy and not on the biography’s resulting utility.