| From: | "security improvement proposal: pg_hba(dot)conf and CIDR mask" <marc(at)intershop(dot)de> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #4433: entries like "host all all 10.0.50.31/0 ..." should not be allowed or trigger a warning |
| Date: | 2008-09-23 09:44:24 |
| Message-ID: | 200809230944.m8N9iOIL094901@wwwmaster.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged online:
Bug reference: 4433
Logged by: security improvement proposal: pg_hba.conf and CIDR
mask
Email address: marc(at)intershop(dot)de
PostgreSQL version: 8.2.4
Operating system: Linux
Description: entries like "host all all 10.0.50.31/0 ..."
should not be allowed or trigger a warning
Details:
Hello,
not really a bug, but a possible security issue for wrongly configured
installations.
A CIDR mask length of 0 will allow to connect from any location. I did this
mistake as I didn't read the documentation carefully enough.
Checking the mask against the IP address would prevent such errors:
/0 : disallow ?
/24 : IP must ends with .0
/16 : IP must ends with .0.0
...
HTH,
Marc Mamin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2008-09-23 10:50:49 | Re: BUG #4433: entries like "host all all 10.0.50.31/0 ..." should not be allowed or trigger a warning |
| Previous Message | Tom Lane | 2008-09-22 12:03:22 | Re: BUG #4431: cannot pg_restore from pg_dump --format=c |