| From: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-docs <pgsql-docs(at)postgresql(dot)org> |
| Subject: | Re: CIDR address in pg_hba.conf |
| Date: | 2011-06-06 17:27:34 |
| Message-ID: | BANLkTinH0evwVweCM7ZXhsf-8-9w3Bi9Rw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
On Tue, Jun 7, 2011 at 1:56 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Fujii Masao <masao(dot)fujii(at)gmail(dot)com> writes:
>> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>>> An IP address is specified in standard dotted decimal notation with
>>> a CIDR mask length. The mask length indicates the number of
>>> high-order bits of the client IP address that must match. Bits to the
>>> right of this must be zero in the given IP address.
>
>> Is the last statement correct? When I specified the following setting
>> in pg_hba.conf, I could not find any problem in PostgreSQL.
>
>> host all all 192.168.1.99/24 trust
>
>> As far as I read the code, those bits seem not to need to be zero.
>> Attached patch just removes that statement.
>
> Even if it happens to work that way at the moment, do we want to
> encourage people to depend on such an implementation artifact?
>
> IOW, if you read "must" as "if you want to trust it to work in future
> versions, you must", the advice is perfectly sound.
Okay. Sounds reasonable. I drop the patch.
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2011-06-08 15:09:27 | Re: BUG #5926: information schema dtd_identifier for element_types, columns, parameters views inconsistent |
| Previous Message | Tom Lane | 2011-06-06 16:56:25 | Re: CIDR address in pg_hba.conf |