quote: Peter Boughton
Uhh???? That's really misleading. Microsoft created the XmlHttpRequest function (long before AJAX/Web2.0), but they didn't invent the technique nor the term.
That's true, but my comment isn't misleading at all. AJAX provides developers with the WYSISYG components to make use of XMLHttp to updates small regions of your pages, whereas previously you'd have to script that bit yourself and chances are, without AJAX and a mountain of client-side scripting, you'd still get a complete postback.
quote: Peter Boughton
No more risk from injection attacks using JSON vs SOAP - any client input can result in injection attacks if it isn't properly validated.
Completely agree again, although JSON transparently requires the download of a cacheable JS script file whereas SOAP is/can be streamed each time the page is loaded. Any system that requires files to be actually sotred on your PC is going to be more of a security risk than streamed data because it means if they injection-attack your JS download, then you're exploited with every load of the page (and thus the JS), whereas to exploit you every time with injection into a SOAP stream, hackers would have to sit on a connection injecting their malfeasance every request.