Using the Key Generation Service in designing paste bin is risky and the problem seems ignored by the lesson.
Paste bin URL generation is not the same as the the Tiny URL generation. The key here is that users of paste bin can customize their keys. If we use KGS here, chances are the users can customize a key such that:
- Not used
- Loaded into KGS memory
This will cause consistency issues and it is not detectable by the original design. Here is an example:
Key DB (available keys table) has the following keys generated offline:
- keykey1
- keykey2
- keykey3
KGS has preloaded the following keys in its memory:
- keykey1
- keykey2
Now user A is using the a customized key for his/her paste: keykey1
Then, user B comes and decide NOT to use a customized key, system asked KGS and get keykey1 again for user B’s paste
We have a collision on A & B’s pasted text as they share the same URL key - keykey1 in this case.
Final suggestion is that: this risk worth to be mentioned in the lesson and some protective mechanisms should be added.