
GET or POST for deletion

Developer https://www.devze.com 2023-04-05 17:33 Source: Internet
As a newbie in the world of web development, I have a handful of general questions regarding web design and here is one of them.

I am working on implementing a simple address book for my web site. It should allow users to add/modify/delete addresses. For delete, I am not clear on how I should implement it. Should I use GET or POST to pass the required info for deletion to the server?

I thought it was more secure to use POST for deletion, but Amazon's implementation seems to counter that (below). I am kind of confused about which approach to take, or does it even matter?

Amazon's approach for address deletion

http://www.amazon.com/gp/css/account/address/view.html?ie=UTF8&addressID=xxxxx&addressDelete=true&sessionId=xxx-xxxxxxx-xxxxxxx

Note: This is for a web site (not a web service)


Is it a RESTful web service or just a web site accessed from the browser?

  • For a RESTful service, DELETE would be appropriate.
  • For a web site, just POST.


The HTTP method you will use does not affect security in any way. They have a semantic meaning. Did you know there is a DELETE method as well? POST and GET are often used in web applications because they are primarily supported by some languages (e.g. PHP) and browsers.

There are other things you should take care of. In this case, that the request is authorized, of course; you will probably solve that with an authentication system, depending on what platform you use.

Also be wary of things like CSRF, e.g. somebody could post a bogus image on the internet linking to the delete URL, and a logged-in user would access it and delete the entity unknowingly. This applies to any request made to your app, though.
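
The points raised in the answers above (POST for a web site, an authorized request, and CSRF), put together as an added example that is not part of the original question or answers. The route, function names, session store and sample data are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this example)

# Constructed sample data: address id -> owning user
ADDRESSES = {"a1": "alice", "b7": "bob"}
# Constructed sample sessions: session id -> logged-in user
SESSIONS = {"sess-alice": "alice"}


def csrf_token(session_id: str) -> str:
    """Token bound to the session; embedded in the delete form as a hidden field."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_delete(method: str, session_id: str, form: dict) -> int:
    """Return the HTTP status for a request to the hypothetical /address/delete route."""
    # 1. State-changing action: refuse GET so an <img src=...> tag or a
    #    link prefetch cannot trigger the deletion.
    if method != "POST":
        return 405
    # 2. Authentication: the session cookie must map to a logged-in user.
    user = SESSIONS.get(session_id)
    if user is None:
        return 401
    # 3. CSRF: the form must carry the token for this session. A cross-site page
    #    can make the browser send the cookie, but it cannot read the token.
    supplied = form.get("csrf_token", "")
    expected = csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    # 4. Authorization: the address must belong to the requesting user.
    address_id = form.get("address_id", "")
    if ADDRESSES.get(address_id) != user:
        return 404  # same answer for "missing" and "not yours"
    del ADDRESSES[address_id]
    return 200
```
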
