Content management does not mean content publication

02/04/13 23:00:00    

By Michael Mealling

While I still haven't found a solution to the limitation on redirects within S3, in the process of figuring it out I wrote some code to extract a site from the WordPress XML export file and create a Middleman app. The idea behind both Middleman and Jekyll is to separate content management from content publication.
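As an added illustration (not the converter the author wrote), this Ruby script turns a WordPress export into Middleman-style source files while treating the export as untrusted input: only published posts are emitted, and slugs are reduced to a safe character set before they become file names. The `source/posts/` layout, the `.html.markdown` naming, the helper names and the sample export are all assumptions made for the example.

```ruby
require 'rexml/document'
require 'yaml'

WXR_HEAD = '<rss version="2.0" xmlns:wp="http://wordpress.org/export/1.2/" ' \
           'xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel>'

# Build one constructed WXR <item>; real exports carry many more fields.
def sample_item(title, slug, status)
  "<item><title>#{title}</title><wp:post_name>#{slug}</wp:post_name>" \
  "<wp:post_date>2013-02-04 23:00:00</wp:post_date>" \
  "<wp:status>#{status}</wp:status><wp:post_type>post</wp:post_type>" \
  "<content:encoded><![CDATA[<p>#{title}</p>]]></content:encoded></item>"
end

# Constructed sample export: one published post, one draft, one hostile slug.
SAMPLE_WXR = WXR_HEAD + sample_item('Hello world', 'hello-world', 'publish') +
             sample_item('Unfinished', 'unfinished', 'draft') +
             sample_item('Odd slug', '../../Odd Slug', 'publish') +
             '</channel></rss>'

# Reduce a slug to [a-z0-9-] so it can never name a path outside source/posts.
def safe_slug(raw)
  slug = raw.to_s.downcase.gsub(/[^a-z0-9]+/, '-').gsub(/\A-+|-+\z/, '')
  slug.empty? ? 'untitled' : slug
end

# Return [{path:, body:}] for published posts only; drafts stay in the CMS.
def wxr_to_pages(xml)
  doc = REXML::Document.new(xml)
  pages = []
  doc.elements.each('rss/channel/item') do |item|
    field = ->(name) { item.elements[name]&.text.to_s }
    next unless field['wp:status'] == 'publish' && field['wp:post_type'] == 'post'
    # to_yaml escapes values as needed, so export text cannot add front-matter keys.
    front = { 'title' => field['title'], 'date' => field['wp:post_date'] }.to_yaml
    pages << { path: "source/posts/#{safe_slug(field['wp:post_name'])}.html.markdown",
               body: "#{front}---\n\n#{field['content:encoded']}\n" }
  end
  pages
end

wxr_to_pages(SAMPLE_WXR).each { |page| puts page[:path] }
```

The function returns the pages instead of writing them, so the generated paths can be reviewed before anything reaches the publishing side.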

In the process of working with Amazon on the redirect problem I exchanged a few emails with Jeff Barr, Amazon's Chief Evangelist for AWS. His view was:

“The more I think about it, the more I am convinced that the ideal architecture for a blog will have a very clean separation between generating pages and serving them. S3 makes this easy and I can see this model going mainstream before too long!”

Why is this important? Security. Back in 2011 I was managing the web hosting service for Georgia Tech. One of the biggest problems we had to deal with was how inherently insecure PHP is. We were in a constant race with backlink spammers who took advantage of badly maintained WordPress and Drupal themes to create cloaked link farms. If we could separate creating and maintaining the content from how that content was served, we could create a much more secure system.

The trend these days is for much of what used to happen on complex backend systems to now happen inside the browser using robust JavaScript systems such as Backbone.js and jQuery. Backends are very slim things that provide access to databases via RESTful APIs that implement very basic business rules. Are we moving to a time when we can secure our websites by moving them to content delivery networks full of static files and very limited and secure APIs? The Jekyll community certainly thinks so.

Given my experience with migrating Rocketforge to that paradigm, it's still a bit early. S3 needs some tweaks and Middleman and Jekyll need a better theming system. You could even build a WordPress plugin that simply puts everything directly into S3 and reserve the WordPress instance just for authoring content and managing users. This would probably require a new theming system for WordPress. I'm not sure if Drupal could ever do this.

What do you think? Are the Ruby asset pipeline and S3 synchronization something other languages and CMSs use? Can we do a better job of securing the Internet by being deliberate about where we allow code to be executed instead of assuming everything is database-driven and dynamically rendered?

