Wikipedia:Articles for deletion/String exploits


 * The following discussion is an archived debate of the proposed deletion of the article below. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review).  No further edits should be made to this page.

The result was   keep. Ron Ritzman (talk) 01:41, 26 February 2011 (UTC)

String exploits
[header inserted with revised article name 22:01, 22 February 2011 (UTC)] Unscintillating (talk) 22:01, 22 February 2011 (UTC)


 * – ( View AfD View log )

I cannot find any citations that establish notability. Plenty of cites for format string attacks, but not for the exploit described here. Article has had unreferenced tag since December 2009, Notability tag and Technical tags since March 2008. Last edit (other than minor typo fixes and such) was in 2007, and there have never been any discussions on the talk page. Guy Macon 22:53, 19 February 2011 (UTC)
 * Given the improvements made since I wrote the above, I think the article is now worth keeping. Does anyone think it should be deleted?  If not, do I need to do something special to withdraw the afD or just let it run its course?  Guy Macon  02:40, 23 February 2011 (UTC)
 * One of the good things about something being in the AfD process is that people look at it who might not otherwise. One or more may still wander along and make great improvements.  Always better to let them run unless they are time wasters... and I think this article still needs much love, so not a waster.  Thanks for tagging it.Shajure (talk) 06:52, 23 February 2011 (UTC)


 * Note: This debate has been included in the list of Computing-related deletion discussions.  -- • Gene93k (talk) 01:55, 20 February 2011 (UTC)


 * I moved the article to String exploit. Redirect is in place from the plural.Shajure (talk) 18:16, 22 February 2011 (UTC)

*Delete. It's also extremely unclear and downright inaccurate; for example, many languages have comment characters but most of those languages only obey them when parsing program files for execution, not user input. *Delete I just looked at Vulnerability (computing) and asked myself if this article gives the reader anything not found there. Nothing as far as I can tell. Guy Macon 13:31, 21 February 2011 (UTC)
 * Keep. As rewritten described below it's fine. Elizium23 (talk) 02:19, 20 February 2011 (UTC)
 * Comment Google search on "Asciiz exploit" produces hits.  "Comment character exploit" also shows some hits such as this one.  So this may not be a question of "is this notable", since the idea of "exploits using strings" seems to be both notable and interesting, but "is this salvageable".  Have all of the major editors been notified? Unscintillating (talk) 04:45, 20 February 2011 (UTC)
 * Strange, I find no Google search results for ["Comment character exploit" ] (with quotes). The link you give is about SQL injection, on which we do have an article. The present article is so unclear that I'm not sure what the topic is, but it may be an attempt to create an article about "Unchecked user input", as it is called in our article on Vulnerability (computing), or "Improper input validation", as it is called in the Common Weakness Enumeration repository (entry CWE-20). This is definitely a notable topic, but content-wise the present article String exploits is unsalvageable. --Lambiam 09:38, 20 February 2011 (UTC)
 * Seconded; it might in principle be a notable topic but the content would have to be redone from scratch. I think it's probably best to redirect it, until anybody ever actually manages to write encyclopaedic content on this subject. bobrayner (talk) 23:24, 20 February 2011 (UTC)
 * Delete By itself it is not notable, and the article only discusses concatenation without highlighting how this, by itself, is an exploit. I believe that other articles such as Vulnerability (computing) already cover this area.  --HighKing (talk) 11:58, 21 February 2011 (UTC)
 * The above was true of the article at that time, but is not true now that the article has been rewritten. Guy Macon  02:40, 23 February 2011 (UTC)


 * Keep It seems to me to be a disambiguation page, with a lot of needless yack and opinion. Added a source, dropped the yack, dropped the opinion.  Format isn't right. Shajure (talk) 06:29, 22 February 2011 (UTC)
 * Like beauty, this must have been in the eye of the beholder. All the exploits given now as examples were originally listed in a final section See also ( other string problems), while the original examples were eliminated, so to me it seems that whatever the original author meant is virtually disjoint from what is described here now. --Lambiam 13:34, 22 February 2011 (UTC)
 * I would agree that what we have now is very much not what the author intended. If interested, he or she will return and add encyclopedic content.Shajure (talk) 17:52, 22 February 2011 (UTC)
 * Keep as per rewrite. Unscintillating (talk) 08:57, 22 February 2011 (UTC)
 * Keep after rewrite. I am not convinced, though, that "string exploit" is a commonly used term. I see it only in the combination "format string exploit", which of course is not a "format {string exploit}", but should be parsed (and properly written) as "format-string exploit". --Lambiam 13:22, 22 February 2011 (UTC)
 * I added a couple of references using the term "exploit string" and removed the notability template. Unscintillating (talk) 22:07, 22 February 2011 (UTC)
 * Sources discussing beer bottles will not help to establish that Bottle beer is a good article title. If the article title here was Exploit string, then it might make sense to cite sources using that term. However, the title is "String exploit", and the added references, none of which uses that term, do not undercut my point that this is not a commonly used term. --Lambiam 22:56, 23 February 2011 (UTC)
 * The fact of the matter is that "String exploit" isn't a commonly used term. The actual exploit described is well known, but the usual term used to describe it is something along the lines of "unvalidated user input exploit" or "unchecked form input exploit" (not sure what exact wording is most common, but it isn't "string exploit).  A better name would be a big improvement.  Guy Macon  01:35, 24 February 2011 (UTC)
 * The above discussion is preserved as an archive of the debate. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review). No further edits should be made to this page.