Webapp security: Different DB permissions for different requests
January 12th, 2008
When a GET hits your server, your RESTful webapp should not alter the database. Why not enforce this at the permissions level?
I am writing a web app that hides much of its inner workings, as any good web app should. (Why? Future-proofing, security, simplicity of user experience, etc.) I chose to route all requests that involve server-side scripting through a single file, capture.php. But somewhere along the way, form POSTs stopped working! Why?