I'm mainly just an applications programmer where our projects are on internal servers and the user just runs the exe so I'm out of my league on this. Part of something I'm assigned to, but really am just involved in, is allowing access to some documents from outside the company. The plan is to put the PDF documents on a server the public can get to, password protect the documents, and provide the password to the people intended to see them.

In other words:

I'll send you a letter with a URL and a password in it. You'll key in the URL and it will bring up the document prompting for the password. If it matches the document will be displayed as a PDF.

I'm so out of my league on this that I don't know the right questions to ask. Is this an industry norm? I view PDFs from web sites quite a bit when surfing. Are there some security considerations to look into?