Document Revisions Security and IA

Had some great discussions this past week with mentors and other assorted devs in the IRC chat. Two big components that have seen a lot of refinements this week were security and IA.

Security

Given the target audience, security is a top priority. As it stands now, out of the box, document revisions would store files as standard uploads in the /wp-content/uploads/year/month/ folder. Because this folder is accessible to the world, each file is renamed to an MD5 hash that only WordPress knows. WordPress would transparently convert that hash (e.g., /wp-content/uploads/2011/05/asdf1234.doc) to a custom post type permalink which would run through the standard rewrite system (e.g., /documents/2011/05/memo.doc). This way, all requests for the file (which would be a permalink to the latest revision) would be authenticated against WordPress’s normal privileges. Files can be made public/private using the visibility setting in the top right of the standard edit page. As an added layer of security, the upload destination can be optionally moved to a folder outside of the server’s web root, thus ensuring that files cannot be accessed without the proper privileges.
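As an added illustration of the serving path described above (example code written for this post, not the plugin's own implementation), the handler below answers a document permalink by checking WordPress's normal read privileges, resolving the stored file name against a directory outside the web root, and only then streaming the latest revision. It assumes a hypothetical post type slug `document`, a hypothetical constant `DOCUMENT_REVISIONS_DIR` for the private directory, and the stored file name living in `post_content`.

```php
<?php
// Added example, not the plugin's code. Assumed names: post type 'document',
// DOCUMENT_REVISIONS_DIR (a directory outside the web root), and the stored
// file name in post_content, as the design above describes.
define( 'DOCUMENT_REVISIONS_DIR', '/var/wp-private-docs' ); // hypothetical path

function dr_serve_document() {
    if ( ! is_singular( 'document' ) ) {
        return; // not a document request; let WordPress carry on
    }
    $post = get_queried_object();

    // Authenticate against WordPress's normal privileges. read_post is a meta
    // capability: a private document requires read_private_posts, a published
    // (public) one is readable by anyone, so the visibility setting decides.
    if ( ! current_user_can( 'read_post', $post->ID ) ) {
        status_header( 403 );
        nocache_headers();
        wp_die( 'You do not have permission to view this document.', '', array( 'response' => 403 ) );
    }

    // Resolve the stored (MD5-named) file inside the private directory and
    // confirm the resolved path still lies within it, so a tampered
    // post_content cannot point outside the directory.
    $base = realpath( DOCUMENT_REVISIONS_DIR );
    $file = realpath( $base . '/' . basename( trim( $post->post_content ) ) );
    if ( false === $base || false === $file || 0 !== strpos( $file, $base . DIRECTORY_SEPARATOR ) ) {
        status_header( 404 );
        nocache_headers();
        wp_die( 'Document not found.', '', array( 'response' => 404 ) );
    }

    // Stream the file with a fixed type and no caching; nosniff stops the
    // browser from guessing a type for user-supplied content.
    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'X-Content-Type-Options: nosniff' );
    header( 'Content-Disposition: attachment; filename="' . rawurlencode( basename( $file ) ) . '"' );
    header( 'Content-Length: ' . filesize( $file ) );
    readfile( $file );
    exit;
}
add_action( 'template_redirect', 'dr_serve_document' );
```

For large files, handing the send-off to the web server (X-Sendfile or X-Accel-Redirect) after the same checks avoids buffering the whole file through PHP.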

Information Architecture

The other big hurdle was ensuring that document revisions was both scalable and had a minuscule footprint. Each document is going to be treated as a custom post type. The majority of the custom post type IA / functionality will be used as it is intended (author, post_parent for revisions, date for modified, etc.). Each revision of a document will be uploaded as an attachment (using the standard media uploader), and will generate a post revision. Document title will become post_title, the true path to the revision (see above) will be the post_content (with no editor box), and the revision log message will be the post_excerpt. This way, the plugin can in theory handle a near limitless number of documents, while at the same time introducing no additional metafields, tables, or substantial drain on the database if the server is also a public-facing web server.

Things are coming together quickly, and I can’t wait to sit down and begin coding soon.