[jbossws-dev] [Design of JBoss Web Services] - Re: Tcp Monitor like tool for jboss

maeste do-not-reply at jboss.com
Thu Nov 16 08:26:34 EST 2006


I probably I didn't correctly understand what Burr is saying. I try to answer, just to understand better what are his doubts about:

anonymous wrote : 
  | I actually demo the use of tcpmon since I think it is such a vital tool
  | for "debugging".  The basic idea is that you find a consumer and
  | producer that are happy with each other and capture the SOAP
  | conversation (e.g. .NET to .NET) then run your Java to .NET to see what
  | the problem might be.
  | 
And this is the same idea of Lms. Note that clients have to change the address used to invoke webservice, it isn't a transparent proxy.

anonymous wrote : 
  | With that said, I don't believe a web-based application will serve me
  | properly.  I like the really little swing-based tcpmon.  I've seen other
  | presenters talk about using it for hacking websites.  You can intercept
  | the flow of track between the browser and the server and figure out if
  | they are using any hidden fields to carry important information (e.g.
  | the price of an item being placed in a shopping cart).
  | 
I didn't understand what is the real difference between a swing gui and a web based gui in that. It was realy useful for us to debug service call by remote client that could only send request to our internet exposed machine (dmz) where I haven't X server configured (and I don't want one)
Speaking of security: I think there are more interesting malicious sw around the world than a web based tcp monitor, and I think a malicious use of Lms isn't different than a malicious use of tcp mon.
 


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3986510#3986510

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3986510



More information about the jbossws-dev mailing list