>Are there any other ideas or best practices for this? There is no such thing as too paranoid here!
I'd suggest:
1. Put a copy of the data, and the sanitizing program, on the same physical computer
2. Move the computer to a location where all of its sides are visible e.g. on top of a desk, don't have it hidden under a desk/table
3. Disconnect that computer from the network - unplug the network cable. Or, if it's a wireless connection on a laptop, physically turn off the wireless adapter with the slider switch/keystroke combination, and/or temporarily disable the adapter in Windows. Confirm that the adapter is disabled
4. Run the sanitizing program
This may sound like overkill, but it isn't. There's nothing like being able to point at a computer, and show (to your client/boss etc.) that it's physically not capable of accessing the production DB, before running a test process that can make major changes to data.
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up