What security concerns are there regarding website users inputting personal financial data without putting in personally identifying data?

I am a web developer, but I have only a rudimentary grasp of security, e.g., be careful to sanitize inputs, store as little user data as possible, encrypt passwords, keep up with security issues of libraries and packages, etc.

Today, I was approached by a client who does financial planning about replacing a spreadsheet he gives clients with a web-based form. The spreadsheet asks users to input certain financial data – e.g., current value of various investment accounts, business interests, etc. These numbers are put into a formula and a value is generated which is supposed to help the user decide whether the consulting could be useful to them.

The phone call was very short, and my questions focused on more mundane matters about user experience, desired UI elements, etc. No commitments have been made, and I’m analyzing the project to see if it’s something I can do. I began to think about potential security issues, and I realized I really don’t know where to start. So far it seems that client wants the form to be accessed via a magic link, and that the user would not enter any personally identifying information. I do not know yet whether my potential client wants to store the value generated, a simple dollar amount which is the ‘benefit’ the user could get by using the service. The impression I got is that my potential client simply wants to use this value as a motivator for clients to inquire further about his services.

My question is this: In this scenario, what security-related matters should I consider?

Thank you.

Preggo Vidz Porn Tube Website – Ranked On Google USA For 90+ Keywords

Why are you selling this site?
I am selling this time as I simply DO NOT have time anymore.

How is it monetized?
Via ads and popups.

Does this site come with any social media accounts?
Reddit – /preggovidz
Twitter – /preggov

How much time does this site take to run?
1 hour per day

What challenges are there with running this site?

Writing video descriptions(Easy)

This is a WordPress website that is on page 1 of Google USA for the keyword Preggo Porn….

Preggo Vidz Porn Tube Website – Ranked On Google USA For 90+ Keywords

Find path of file on website with randomized string in it

Users have the possibility to upload a sensitive personal file to a specific website. After uploading, only the user himself and the administrator of the website have the ability to download the file again.

All files of any user are uploaded to the following folder: https://example.com/folder/uploads/.

Before a file is uploaded, it gets renamed to <<username>>.docx.

So for Foo the path would be: https://example.com/folder/uploads/foo.docx and for Gux it’d be https://example.com/folder/uploads/gux.docx.

As you can see, this is not safe at all. Foo could simply examine the download link, and replace his own name in the file-path with the username of other users to download their files.

So to prevent this, the web-developer did the following: Before a file is uploaded, a random string of 15 characters gets prepended to the filename. This random string is different for each upload.

For Foo this would be for example https://example.com/folder/uploads/heh38dhehe83ud37_foo.docx and for Gux https://example.com/folder/uploads/abcnjoei488383b22_gux.docx.

When Foo examines the download-url, he will know in which folder all the files are stored. But there is no way that he could guess the random string that is prepended to Gux’ file. The random string actually functions as a 15-character long password.

In all directories an index.html-file is placed so the directory content does not get listed.

If Foo still wanted to download other users their files, how would he do that? I’m looking for a way Foo would do this by forming a specific URL or HTTP-request. Breaching the server or database is a correct answer but not the kind I’m looking for.

TL;DR: How to find the path of a file on a public website with a unique and randomized string in it? You know the path to the upload-folder, but there is a index.html-file there so you can’t see the content.

Is there a really good and powerful website builder you would recommend?

Is there any website builder that is good and powerful enough for a blog with 100 – 200 posts?
It can be a premium version, just needs to be good enough, with very little bugs, and etc.

I am currently using SitePad and I am not really satisfied with how it handles some things, it has bugs, and blog acts weird

Amazon Affiliate Massage Chair Comparison Website

Why are you selling this site?
Need some urgent funds.

How is it monetized?
amazon affiliate program, this is a starter site so has not earned any and has no traffic.

Does this site come with any social media accounts?
no

How much time does this site take to run?
1-2 hour a week

What challenges are there with running this site?
not much any one with a basic understanding of website can run this with ease.

Yard Care Tolols Amazon Affiliate Review Website| Unique Contents

Yard Tools Products Review |100% Hand Written Reviews | Amazon Affiliate

Short Description:

This Website is Specially Designed For Newbies. Great opportunity to Make money from Google Adsense, Amazon and Clickbank. No Maintain & Exp.Required.

SUMMARY:

What is This Deal :

I am Providing you Professionally Designed WordPress Platform Based and SEO Friendly.

  • Domain : YardcareTools.info ( Free transfer to your…

Yard Care Tolols Amazon Affiliate Review Website| Unique Contents

What happens when someone fills in a contact form on a website?

I am trying to debug a problem on a website I am working on. The contact form doesn’t work. In my quest to find answers it occurred to me that I don’t even actually know what’s going on in the background in order to understand the sites that I’m reading for help!

So basically my question is: what happens when someone submits a form on a website?

I see that my hosting company has provided me a mail box with some arbitrary email address where the form submission gets returned to when it fails. Why? Do all form submissions actually come from this email address? What does PHP or SMTP have to do with this?

Switch properly from HTML website to WordPress without hurting Google rankings

My question is about specific technicalities of the switch from HTML website to WordPress. I looked through similar questions but my question still remains.

I think my situation is pretty standard.

I’m about to switch my current HTML website to WordPress. My website has been up since 2006.

Main details of the transition:

-My current site is in the /public folder

-Most pages have .php extension

-The WordPress folder is /clickandbuilds/mywebsite (WordPress.org, hosted by 1&1)

-I’ll also need to do 301 redirects for all .php pages to the WP pages

I guess my main question is the following:

Is it safe to just switch my domain from the /public folder to the WordPress folder once everything is ready? I assume it’s a standard procedure – but still wanted to get a second opinion.

Thanks, Leo