blend27 - 2:35 pm on Mar 14, 2010 (gmt 0)
Couple of month ago while finishing a good size project the share hosting server where the DEV site was hosted on was hacked and all sites got JS-Script injection into every page and every site on that shared server. The Script was pointing to .(*&^%&*^%.cn domains that if executed would download and install a Trojan on machine. As a result several machines on my clients’ local network got infected. The project came to stand still till the hosting server was cleaned - 1 Day, all the machines were cleaned on the clients network 3 days. A week later same thing. It was a tuffy to keep this client as such. We lost more that a week worth of valuable time.
All in all, we almost lost this client. At the beginning we were even blamed for installing the virus on their network. This was a site that was only accessible from Clients IPS and ours via HTTP. If they were running NOScript at the time I am pretty sure we could of avoid half the problems.
To access the original site is OK - to run JS from other sites Not OK. I visit lots of sites that use JQuery, and if it is not hosted on the same site as I am visiting, the site does not run until I temporarily allow it to run, but only from select sites like JQuery site themselves. Same goes for ADS.
I understand the pain of losing the revenue from Advertising, but also understand the concept: Better SAFE than SORRY.