PerlMonks  

Earlier this week, I was given the task of installing a shopping cart script for my organization... The reason this particular commercial product was picked was because a higher-up had seen it and liked the interface... being written in Perl, (and since I'm the only Perl person in the company), I got to find out the nitty gritty details of installing this script..

Upon looking at the source, I was amazed to see code that violated a couple of practices that I consider essential to CGI programming: taint checks were not turned on, and CGI.pm was not used. At that time, I solicited the opinion of my fellow monks on what to do (I didn't think I would be taken seriously by management.. have you ever seen a glint in the eye of senior management when they're championing a product ? I saw it in my manager's eyes :o).. Thanks to WebHick, virtualsue and TStanley (these are just the people I remember, there were quite a few more), I wrote a CYA email to a few people outlining some of the problems that I saw in the script (namely, the two I mentioned above)..

Now, the point of this rambling meditation (finally, you say :o)... Another possible problem that I discovered is that this script sends email, but uses raw sockets and SMTP commands in the script rather than modules from CPAN (Net:: and Mail:: modules)... Now I personally think that this is another coding practice as bad as not using CGI.pm or enabling taint checks.. but I can see the point of view of the developer (I think I've seen other Perl products that also have the same philosophy of not using modules because then it runs "out of the box" on any Perl installation).. My question really is.. do you think writing products that don't use CPAN modules is bad coding practice ? Were you to write a product that would be publicly distributed (commercially or otherwise), which approach would you take ? and why ?


In reply to Of third party products, code reviews and module installation...(discussion) by tinman
