http://qs321.pair.com?node_id=85016

Earlier this week, I was given the task of installing a shopping cart script for my organization... The reason this particular commercial product was picked was because a higher-up had seen it and liked the interface... being written in Perl, (and since I'm the only Perl person in the company), I got to find out the nitty gritty details of installing this script..

Upon looking at the source, I was amazed to see code that violated a couple of practices that I consider essential to CGI programming: taint checks were not turned on, and CGI.pm was not used. At that time, I solicited the opinion of my fellow monks on what to do (I didn't think I would be taken seriously by management.. have you ever seen a glint in the eye of senior management when they're championing a product ? I saw it in my manager's eyes :o).. Thanks to WebHick, virtualsue and TStanley (these are just the people I remember, there were quite a few more), I wrote a CYA email to a few people outlining some of the problems that I saw in the script (namely, the two I mentioned above)..

Now, the point of this rambling meditation (finally, you say :o)... Another possible problem that I discovered is that this script sends email, but uses raw sockets and SMTP commands in the script rather than modules from CPAN (Net:: and Mail:: modules)... Now I personally think that this is another coding practice as bad as not using CGI.pm or enabling taint checks.. but I can see the point of view of the developer (I think I've seen other Perl products that also have the same philosophy of not using modules because then it runs "out of the box" on any Perl installation).. My question really is.. do you think writing products that don't use CPAN modules is bad coding practice ? Were you to write a product that would be publicly distributed (commercially or otherwise), which approach would you take ? and why ?
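Added example (not from the original post or the shopping cart product it discusses): the three practices the post names, taint mode, CGI.pm for request parsing and Net::SMTP instead of hand-written SMTP over raw sockets, in one minimal mail-sending CGI. The relay host, sender address and parameter names are placeholders.

```perl
#!/usr/bin/perl -T
# -T turns on taint checks: every value read from the request is tainted,
# and perl dies if it reaches open(), system(), backticks, unlink() and
# friends before it has been untainted by a regex capture.
use strict;
use warnings;
use CGI;        # parses the request instead of hand-rolled QUERY_STRING code
use Net::SMTP;  # speaks SMTP and checks replies instead of raw socket writes

# Taint mode refuses to run child processes with an untrusted environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $q    = CGI->new;
my $to   = $q->param('email') // '';   # placeholder parameter names
my $note = $q->param('note')  // '';

# Untaint the address with an explicit whitelist; only the captured text
# becomes clean. Without -T, forgetting this check would go unnoticed.
my ($clean_to) = $to =~ /^([\w.+-]+@[\w-]+(?:\.[\w-]+)+)$/
    or die "rejected address\n";

# Taint mode does not police data written to a socket, so the free-text
# field still needs its own check: drop CR/LF so it cannot add headers.
$note =~ s/[\r\n]+/ /g;
$note = substr($note, 0, 500);

# Net::SMTP issues HELO/MAIL/RCPT/DATA and validates each reply;
# 'mail.example.com' stands in for the real relay.
my $smtp = Net::SMTP->new('mail.example.com', Timeout => 30)
    or die "cannot connect to relay\n";
$smtp->mail('cart@example.com') or die "sender rejected\n";
$smtp->to($clean_to)            or die "recipient rejected\n";
$smtp->data();
$smtp->datasend("To: $clean_to\n");
$smtp->datasend("From: cart\@example.com\n");
$smtp->datasend("Subject: Order received\n\n");
$smtp->datasend("$note\n");
$smtp->dataend() or die "message rejected\n";
$smtp->quit;

print $q->header('text/plain'), "sent\n";
```

Running the same script without -T shows the difference: the untaint regex becomes optional and nothing stops a raw parameter from being passed straight into a shell command or a filename.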