Be cautious when using downloaded components

Reusing code from the Web can save time and money in development, but there are potential problems too. Here's a quick list of things to watch out for when downloading code.

Written by Tom Mochal, Contributor

The benefits of using code off the Web are straightforward. You can reduce both development time and cost by reusing code that has already been developed and, sometimes, already tested. You also benefit from functionality you may not have the expertise to create yourself. These are two of the reasons developers often prefer to download and utilize components from the Web.

But there are a number of reasons you should think twice before grabbing code from the Web. Some of the negatives are obvious, but others may surprise you.

The code could contain a virus
You must be careful about viruses if you’re pulling components or executables from the Web. While major vendor sites are unlikely to carry malicious code or executables, pulling these files from an individual’s Web site or from posting boards always puts you at risk. The biggest risk is that the virus will activate at a later date, such as when your program is in production, which means you might not catch it during the testing process.

The code has flaws
During the testing process, you may discover that the component doesn’t work as well as you thought it would. The code might also have bugs. Bugs aren't as serious as viruses, but they can limit your ability to troubleshoot a component. You’ll then have to spend much more time fixing the problem and probably end up replacing the component anyway.

The code will expire
I worked on a project where rigorous testing took place to ensure that an application was stable and correct. However, after three months in production, the application started to fail. We found the error in a component that was downloaded from the Web. It turns out that the free component was actually only free for a six-month trial, after which you had to pay for it. The component was smart enough to turn itself off after the six-month period expired. The developer who downloaded this component found himself in serious hot water.

The code might break something else in the environment
Finding that the code has broken something else is a common problem when developers upgrade software versions directly from the Web. I saw a good example of this at my current company. When the new version of Internet Explorer came out, some people went to the Microsoft Web site to download the upgrade. A few days later, we started to receive help desk tickets from people having problems with some of their Web applications. The new browser version was not completely compatible with the old version, and we had to reinstall the older release. Since the company was not ready to migrate to the newer version, the Web applications hadn’t been tested for that software level.

You may be going against standard architecture
Developers don’t always pay attention to the subtle problem of going against standard architecture. Your company may have a standard technical architecture that needs to be controlled. Nonstandard technology should be evaluated ahead of time. Components downloaded off the Web can slip in under the radar screen. In a company I worked at in the mid-90s, the technical architecture did not yet include Java. We wanted to make sure we had the right servers, testing, and training in place before using Java in Web development. Obviously, everyone was surprised to find that a production application running on the intranet was already using a number of Java-based components downloaded from the Web. In this case, the nonstandard components didn’t cause any harm, but other times such components can cause incompatibility problems in the technical environment.

Policy plus prudence equals safe downloads
Many companies have policies about what you can and can’t pull off the Web, but some lack any type of policy or guidance. My remarks aren’t meant to frighten you away from pulling code and components off the Web. Much of the material available is valuable and can help you build your application better, faster, and cheaper. But don’t be blind to the potential risk. First, make sure you understand and follow your organization’s guidelines on the matter. Then, if you download material and use it in your production applications, make sure you only download material from reputable Web sites.
