Re: CIDR address in pg_hba.conf

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Fujii Masao <masao(dot)fujii(at)gmail(dot)com>
Cc: pgsql-docs <pgsql-docs(at)postgresql(dot)org>
Subject: Re: CIDR address in pg_hba.conf
Date: 2011-06-06 16:56:25
Message-ID: 8795.1307379385@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-docs

Fujii Masao <masao(dot)fujii(at)gmail(dot)com> writes:
> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>> An IP address is specified in standard dotted decimal notation with
>> a CIDR mask length. The mask length indicates the number of
>> high-order bits of the client IP address that must match. Bits to the
>> right of this must be zero in the given IP address.

> Is the last statement correct? When I specified the following setting
> in pg_hba.conf, I could not find any problem in PostgreSQL.

> host all all 192.168.1.99/24 trust

> As far as I read the code, those bits seem not to need to be zero.
> Attached patch just removes that statement.

Even if it happens to work that way at the moment, do we want to
encourage people to depend on such an implementation artifact?

IOW, if you read "must" as "if you want to trust it to work in future
versions, you must", the advice is perfectly sound.

regards, tom lane

In response to

Responses

Browse pgsql-docs by date

  From Date Subject
Next Message Fujii Masao 2011-06-06 17:27:34 Re: CIDR address in pg_hba.conf
Previous Message Fujii Masao 2011-06-06 16:31:54 CIDR address in pg_hba.conf