I want to give my visitors access to an Excel document to download from my website. Are there any security issues on placing an excel document up on a website available for download?

Thanks,

No one? :eek:

There are several security issues on the users side. They are usually related to macros being able to do damage on the users computer. Here's one of many that i found on Microsoft's site http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx

As for security issues for you I can think of only one; the user might be able to see your name and other information in the meta data and/or properties of the file. What is visible depends on what information you used when installing Excel and what information you might have entered after that. Other than that there shouldn't be any other security risks for you offering the file for download.

That being said, I would recommend not using Excel files if the user doesn't specifically need to be able to do calculations or other Ecxel stuff with the file. If it's just for the formatting and look of the file you could make a PDF out of it and offer that instead.

At least the Mac users (as myself, surprise surprise ;)), and probably Linux users as well, won't generally like Excel files, or any other Microsoft specific formats for that matter, as the support isn't anywhere near perfect. Of course this might not be an issue for you.

Hehe... thanks for the reply. It's a Depth of Field Calculator (for photography), so a PDF wouldn't work, as the functionality of it is what's important. I can always remove the personal info form the meta data... I wonder if it would be worth while to have the calculator coded so it could be live on the site...?

That would certainly be a better option... That way it would work on any computer, regardless of the operating system, and you would have full control of it.

Any updates or enhancements you might want to make later would also be instantaneous for the users as they don't need to download a new version of the file. Plus, assuming it's a good and useful tool, people will link to your site :D

Hehe... my thoughts exactly... I didn't create the tool, though... one of the members of my site did... so if I can get permission, maybe I go that route instead. ;)

if they are static, I'd say to just export them to html and upload them that way.

They're not static. ;)

Also consider making it a ZIP file for download which should be a bit safer I think.

Ahh... good thinking. ;)