Keep up the FUD! Seriously, IIS runs a ton of the web. Apache has security holes the size of Texas...
For example, let's look at this month's that got caught...
Class: HTTP Response Splitting
Versions: Every Version Before 3.2.9, 3.4.9, 3.6.3, 4.0rc1
Fixed In: 3.2.9, 3.4.9, 3.6.3, 4.0rc1
Description: By inserting a certain string into a URL, it was possible to inject both headers and content to any browser that supported "Server Push" (mostly only Gecko-based browsers like Firefox). This could lead to Cross-Site Scripting vulnerabilities, and possibly other more dangerous security issues as well.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=600464
            http://cwe.mitre.org/data/definitions/113.html
CVE Number: CVE-2010-3172

Class: Information Leak
Versions: 2.12 to 3.2.8, 3.4.8, 3.6.2, 3.7.3, 4.1
Fixed In: 3.2.9, 3.4.9, 3.6.3, 4.0rc1
Description: The Old Charts system generated graphs with predictable names into the "graphs/" directory, which also could be browsed to see its contents. This allowed unauthorized users to see product names and charted information about those products over time.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=419014
CVE Number: CVE-2010-3764

Class: Cross-Site Scripting
Versions: 3.7.1 to 3.7.3, 4.1
Fixed In: 4.0rc1
Description: YUI 2.8.1 was vulnerable to a Cross-Site Scripting vulnerability in certain .swf files. The YUI shipped with Bugzilla has been updated to 2.8.2.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=606618
            http://secunia.com/advisories/41955
            http://yuilibrary.com/support/2.8.2/
Last month's...
Class: Remote Information Disclosure
Versions: 2.19.1 to 3.2.7, 3.3.1 to 3.4.7, 3.5.1 to 3.6.1, 3.7 to 3.7.2
Fixed In: 3.2.8, 3.4.8, 3.6.2, 3.7.3
Description: An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. This security fix restricts the use of pronouns to groups the user belongs to.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=417048
CVE Number: CVE-2010-2756

Class: Notification Bypass
Versions: 2.22rc1 to 3.2.7, 3.3.1 to 3.4.7, 3.5.1 to 3.6.1, 3.7 to 3.7.2
Fixed In: 3.2.8, 3.4.8, 3.6.2, 3.7.3
Description: Normally, when a user is impersonated, he receives an email informing him that he is being impersonated, containing the identity of the impersonator. However, it was possible to impersonate a user without this notification being sent.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=450013
CVE Number: CVE-2010-2757

Class: Remote Information Disclosure
Versions: 2.17.1 to 3.2.7, 3.3.1 to 3.4.7, 3.5.1 to 3.6.1, 3.7 to 3.7.2
Fixed In: 3.2.8, 3.4.8, 3.6.2, 3.7.3
Description: An error message thrown by the "Reports" and "Duplicates" page confirmed the non-existence of products, thus allowing users to guess confidential product names. (Note that the "Duplicates" page was not vulnerable in Bugzilla 3.6rc1 and above though.)
References: https://bugzilla.mozilla.org/show_bug.cgi?id=577139
            https://bugzilla.mozilla.org/show_bug.cgi?id=519835
CVE Number: CVE-2010-2758

Class: Denial of Service
Versions: 2.23.1 to 3.2.7, 3.3.1 to 3.4.7, 3.5.1 to 3.6.1, 3.7 to 3.7.2
Fixed In: 3.2.8, 3.4.8, 3.6.2, 3.7.3
Description: If a comment contained the phrases "bug X" or "attachment X", where X was an integer larger than the maximum 32-bit signed integer size, PostgreSQL would throw an error, and any page containing that comment would not be viewable. On most Bugzillas, any user can enter a comment on any bug, so any user could have used this to deny access to one or all bugs. Bugzillas running on databases other than PostgreSQL are not affected.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=583690
CVE Number: CVE-2010-2759
The holes in Apache just keep going.
I know what works, and with Microsoft solutions I can get the job done a lot faster and cheaper; that's what I see and know.
I would beat you on price and speed EVERY time on any project. Open source is fine for the small website and forums. I think that's where it belongs and does a great job. But when you need mid and large size projects I would opt for Microsoft development tools.
You guys keep your blinders on... I've seen open source projects and 80% of the time they are a complete mess and cost 10x too much. You can keep ignoring development and ongoing support costs.
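The PostgreSQL denial of service quoted above (the "bug X" / "attachment X" reference with an integer too large for a 32-bit signed column), as an added Python example that is not Bugzilla's own Perl code: it contrasts the unchecked lookup with one that drops ids that cannot fit the column before they reach the database. The sample comments, the fake database lookup and the function names are constructed for illustration.

```python
import re

# PostgreSQL's int4 column type (used for bug and attachment ids) tops out here.
INT4_MAX = 2**31 - 1

# Constructed sample comments, not taken from the advisory.
COMMENTS = [
    "Duplicate of bug 12345, see also attachment 678.",
    "Looks related to bug 99999999999 (sorry, typo).",
]

# Matches the phrases the advisory names: "bug X" and "attachment X".
REF_RE = re.compile(r"\b(bug|attachment)\s+(\d+)\b", re.IGNORECASE)


def fake_pg_lookup(kind, id_value):
    """Stand-in for SELECT ... WHERE id = ? against an int4 column.

    Mimics PostgreSQL rejecting a value that does not fit int4, which is
    the error that made every page showing the comment unviewable.
    """
    if id_value > INT4_MAX:
        raise ValueError(f"integer out of range for type integer: {id_value}")
    # Constructed result: odd ids "exist", even ids do not.
    return {"kind": kind.lower(), "id": id_value, "found": id_value % 2 == 1}


def linkify_vulnerable(comment):
    """Before the fix: every numeric reference is sent straight to the database."""
    return [fake_pg_lookup(kind, int(num)) for kind, num in REF_RE.findall(comment)]


def linkify_hardened(comment):
    """After the fix: ids that cannot exist are left as plain text, never queried."""
    results = []
    for kind, num in REF_RE.findall(comment):
        id_value = int(num)
        if id_value > INT4_MAX:
            continue  # no row can have this id, so skip the query instead of erroring out
        results.append(fake_pg_lookup(kind, id_value))
    return results


def page_renders(linkify, comment):
    """True if the comment page would render, False if the DB error would take it down."""
    try:
        linkify(comment)
        return True
    except ValueError:
        return False
```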