Prior Production Environments


#1

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/KjoWkirH6gg Import Date: 2016-01-19 21:01:35 +0000.
Sender:James Rubino.
Date:Wednesday, 13 August 2014 21:50:43 UTC+1.

Has Tyk been deployed in attack-active and hostile production environments?


#2

Sender:Martin Buhr.
Date:Thursday, 14 August 2014 09:27:32 UTC+1.

Not yet, it’s all very new. We dogfooded Tyk in front of the Loadzen.com APIs (now shuttered) before going public with it, but that was not an attack-active environment.

I would not feel confident in saying that Tyk would be appropriate in these environments this early on, we would need a security audit or pen test for that.

Fancy volunteering? :wink:


#3

Sender:James Rubino.
Date:Saturday, 16 August 2014 00:47:56 UTC+1.

Sure but only under someone else’s lead.

I will definitely be taking it for a spin and putting it in front of non-production projects.

User account registration and authentication flows are the part of new projects I dislike the most but if there is any work being done on integrated user registration, authentication and authorization plugins or addons I would gladly help.


#4

Sender:Martin Buhr.
Date:Monday, 18 August 2014 10:16:22 UTC+1.

Would love to know how it goes in non-prod environments, please report back if you can :slight_smile:

Regarding user registration, there’s a simple way this could be added, I guess it depends on how far it should go:

Light: Should Tyk offer the functionality to store additional profile data alongside a key? (e.g. adding an open metadata interface such as user_data to a session object). This would mean it’s still up to the implementer to build sign-up flows but only integrate with the API instead of having to roll their own, OR

Heavy: Should Tyk offer some kind of registration and on-boarding for developers (templates and all), so that with a single option a kind of minimum-viable sign-up form is created and made available to end users. How flexible should this be?

Let me know, I’m constantly updating the roadmap with new features that should be implemented next.