| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, pgsql-docs <pgsql-docs(at)postgresql(dot)org> |
| Subject: | Re: CIDR address in pg_hba.conf |
| Date: | 2011-06-10 00:42:10 |
| Message-ID: | 201106100042.p5A0gAw27314@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
Tom Lane wrote:
> Fujii Masao <masao(dot)fujii(at)gmail(dot)com> writes:
> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
> >> An IP address is specified in standard dotted decimal notation with
> >> a CIDR mask length. The mask length indicates the number of
> >> high-order bits of the client IP address that must match. Bits to the
> >> right of this must be zero in the given IP address.
>
> > Is the last statement correct? When I specified the following setting
> > in pg_hba.conf, I could not find any problem in PostgreSQL.
>
> > host all all 192.168.1.99/24 trust
>
> > As far as I read the code, those bits seem not to need to be zero.
> > Attached patch just removes that statement.
>
> Even if it happens to work that way at the moment, do we want to
> encourage people to depend on such an implementation artifact?
>
> IOW, if you read "must" as "if you want to trust it to work in future
> versions, you must", the advice is perfectly sound.
Should we use "should"?
> >> right of this should be zero in the given IP address.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thom Brown | 2011-06-12 21:08:05 | Re: Documentation and explanatory diagrams |
| Previous Message | Bruce Momjian | 2011-06-09 22:48:47 | Re: ECPG, sentence not complete |