Web security gurus help

[Valhalla1]

How secure is publishing MS Word .doc files directly on a website? what chmod permissions (the three digit #) should they be set so that people can view them but not change them?

also, what is the best way to accomplish this - say you have a specific group you want to be able to access the documents through a website interface and change them as needed, etc. but prevent anyone one else from viewing or changing them? it will likely be on an IIS NT 4 server, would the best way be to setup a group account that has access to the folder, and have them log in to the server when they try to access the document folder? and give them read/write access? or would that mean more user licenses needed on the NT server (a bad thing) ?



what is the most secure way of doing this? what other issues/security holes, etc. does a web admin need to be aware of when publishing word 2000 documents?

 

[vi edit]

Should be pretty simple. I'd make a group called "webdoc" or something and then just add the users that should be allowed access to it. Dump the folder into the webpage, and on the server backend, modify the permissions on it to allow that group you just set up. If users are logged into the system via a Microsoft machine, they'll have access to the folder, anyone else will be prompted for a user name and password to view it.

 

[Valhalla1]

the thing is, currently they dont have accounts on the NT server, and I want to avoid purchasing licenses if I dont have to... can this be accomplished with one uyser license, or better yet none?

also, how can I make it so they can click the link to a document, word opens up (thru IE settings this is easy enuff) but then be able to save it to the web folder it was stored on, so that changes to the documents are immediately on the server? can IIS do this, make the folder writeable? how would the user save it to the folder? would it be the default save location?