AJAX Concept Question

[Mat <true.atlantis () gmail com>]

I really have no formal experience with AJAX - just what I have learned
from google.

Why is XML used as a transport agent/layer?  

> From what I understand, AJAX is implemented using ActiveX (IE) or
XMLHttpRequest to get XML from somewhere.  Then the web page will parse
the XML and make dynamic changes to the based upon the returned XML. 

Another way I have seen it implemented (which makes more sense to me) is
to use javascript to append the response of a web page to the end of the
'web page' (HTML, JSP, PHP, whatever).  For example, you request a web
page, and it will return 'alert("hello world");'... When that is
appended to the end of the page, it is executed.

The second method makes more sense to me because you don't have to do
any client side manipulation - all processing is done on the server
side. 

What are the benefits of using either implementation?  Obviously the
second way is not typical AJAX due to the lack of XML - but its the same
idea.  Also, are there any security related issues due to using either
method? 

Thanks.


-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------