Which one of the following is true when creating interfaces that alter data on the server?

Question

I just finished a BrainBench test and for the life of my can't figure out the answer to this question...I don't think there is a correct answer.

Choice 1 PUT requests need to be used; they are not repeatable.

Choice 2 HEAD requests need to be used; they reduce data traffic.

Choice 3 GET requests need to be used; they are easier to send to other users.

Choice 4 POST requests need to be used since GET requests could be inadvertently sent by a search engine

Choice 5 DELETE requests need to be used; they were designed for this use.

Answer 1

I'm not positive on this, but I'm pretty sure its Choice 4.

Lets say you have a link that goes to /Delete.aspx?id=4, and Google decides to crawl that link. Assuming theres no authorization checks, Google can wipe out your records.

Edit: Heres an SO discussion on why POSTs are used instead of GETs for actions that alter data.

Answer 2

PUT, POST and DELETE can all be used. DELETE deletes data, which falls under "altering". PUT replaces. POST can do anything.

The question IMHO is not well-phrased, but as the answers 1 and 5 contain mis-information, 4 probably is supposed to be the right answer.

Answer 3

If PUT replaces content, then it's idempotent, and thus repeatable, and thus 1 is wrong, if for no reason the later half of the sentence. HEAD would be nonsensical in this case, so it's out. GET is bad for the aforementioned reasons (crawlers nuking content, etc.) - GET means GET. It doens't meant GET (oh and have some side affects) POST is the right answer. DELETE is meant for... deleting resources. Which is not what you want.