From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, pgsql-docs <pgsql-docs(at)postgresql(dot)org> |
Subject: | Re: CIDR address in pg_hba.conf |
Date: | 2011-06-13 17:19:32 |
Message-ID: | BANLkTimx-SYy-6GbQcxM5ZAemyj2pA8mzg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs |
On Thu, Jun 9, 2011 at 8:42 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> Tom Lane wrote:
>> Fujii Masao <masao(dot)fujii(at)gmail(dot)com> writes:
>> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>> >> An IP address is specified in standard dotted decimal notation with
>> >> a CIDR mask length. The mask length indicates the number of
>> >> high-order bits of the client IP address that must match. Bits to the
>> >> right of this must be zero in the given IP address.
>>
>> > Is the last statement correct? When I specified the following setting
>> > in pg_hba.conf, I could not find any problem in PostgreSQL.
>>
>> > host all all 192.168.1.99/24 trust
>>
>> > As far as I read the code, those bits seem not to need to be zero.
>> > Attached patch just removes that statement.
>>
>> Even if it happens to work that way at the moment, do we want to
>> encourage people to depend on such an implementation artifact?
>>
>> IOW, if you read "must" as "if you want to trust it to work in future
>> versions, you must", the advice is perfectly sound.
>
> Should we use "should"?
+1.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2011-06-13 17:24:02 | Re: Information about WAL Configuration needs an update |
Previous Message | Robert Haas | 2011-06-13 17:04:53 | Re: Add link to current_schemas in config.sgml |