Brain on Fire » Blog Tim McCormack says words

When a GET hits your server, your RESTful webapp should not alter the database. Why not enforce this at the permissions level?

I'm having difficulty deciding what is the best approach to returning from a POST request to one's web app. I'd like to deliver messages to the user about the results of the request, I want to avoid some nasty POST-related browser behavior, and proper bookmarking would be sweet, too. Unfortunately, it seems I can only have 2 out of the 3 with any given strategy.