Earlier this week, I was given the task of installing a shopping cart script for my organization... The reason this particular commercial product was picked was because a higher-up had seen it and liked the interface... Being written in Perl (and since I'm the only Perl person in the company), I got to find out the nitty-gritty details of installing this script..

Upon looking at the source, I was amazed to see code that violated a couple of practices that I consider essential to CGI programming: taint checks were not turned on, and CGI.pm was not used. At that time, I solicited the opinion of my fellow monks on what to do (I didn't think I would be taken seriously by management.. have you ever seen a glint in the eye of senior management when they're championing a product? I saw it in my manager's eyes :o).. Thanks to WebHick, virtualsue and TStanley (these are just the people I remember; there were quite a few more), I wrote a CYA email to a few people outlining some of the problems that I saw in the script (namely, the two I mentioned above)..

Now, the point of this rambling meditation (finally, you say :o)... Another possible problem that I discovered is that this script sends email, but uses raw sockets and SMTP commands in the script rather than modules from CPAN (Net:: and Mail:: modules)... Now I personally think that this is another coding practice as bad as not using CGI.pm or enabling taint checks.. but I can see the point of view of the developer (I think I've seen other Perl products that also have the same philosophy of not using modules, because then it runs "out of the box" on any Perl installation).. My question really is.. do you think writing products that don't use CPAN modules is bad coding practice? Were you to write a product that would be publicly distributed (commercially or otherwise), which approach would you take? And why?
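For contrast with the three practices the post complains about, here is an added example (not code from the post or from the product being reviewed) of a small CGI mailer done the other way: taint mode on, CGI.pm for input, and Net::SMTP instead of hand-rolled SMTP over a raw socket. The relay host, sender address and form field name are assumptions for the example.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post or the reviewed product):
# a minimal order-confirmation mailer written the way the post recommends:
# taint mode on, CGI.pm for input, Net::SMTP instead of hand-rolled SMTP.
# Relay host, sender address and field name are assumptions for the example.
use strict;
use warnings;
use CGI;
use Net::SMTP;

# Under -T, %ENV is tainted too; a fixed PATH keeps any later system() from dying.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $q = CGI->new;

# Untaint by capturing from a strict pattern. Taint mode only flags data that
# reaches system(), exec(), open() and friends, NOT data printed to a socket,
# so the pattern itself has to rule out the CR/LF that would let a customer
# smuggle extra headers or SMTP commands into a raw-socket mailer.
sub untaint_email {
    my ($raw) = @_;
    return unless defined $raw;
    my ($clean) = $raw =~ /\A([\w.+-]+@[\w-]+(?:\.[\w-]+)+)\z/
        or return;
    return $clean;
}

my $to = untaint_email($q->param('email'));
unless ($to) {
    print $q->header(-status => '400 Bad Request'), "Invalid e-mail address\n";
    exit;
}

my $smtp = Net::SMTP->new('localhost', Timeout => 30)   # assumed local relay
    or die "Cannot connect to SMTP server: $@";
$smtp->mail('orders@example.com')   or die 'MAIL FROM rejected';
$smtp->to($to)                      or die 'RCPT TO rejected';
$smtp->data();
$smtp->datasend("From: orders\@example.com\n");
$smtp->datasend("To: $to\n");
$smtp->datasend("Subject: Order confirmation\n\n");
$smtp->datasend("Thank you for your order.\n");
$smtp->dataend()                    or die 'message rejected';
$smtp->quit;

print $q->header, "Confirmation sent\n";
```

Run it as `perl -T` (or via the shebang) so the taint flag is honoured; invoking it with plain `perl` makes Perl refuse to start with "Too late for -T".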


In reply to Of third party products, code reviews and module installation...(discussion) by tinman
