Why is using a HTTP GET to update state on the server in a RESTful call incorrect?

Question

OK, I know already all the reasons on paper why I should not use a HTTP GET when making a RESTful call to update the state of something on

Answer 1

One more problem is there. If GET method is used , data is sent in the URL itself . In web server's logs , this data gets saved somewhere in the server along with the request path. Now suppose that if someone has access to/reads those log files , your data (can be user id , passwords , key words , tokens etc. ) gets revealed . This is dangerous and has to be taken care of .

In server's log file, headers and body are not logged but request path is . So , in POST method where data is sent in body, not in request path, your data remains safe .