CIDR address in pg

public inbox for [email protected]  
help / color / mirror / Atom feed

CIDR address in pg_hba.conf
6+ messages / 4 participants
[nested] [flat]

* CIDR address in pg_hba.conf
@ 2011-06-06 16:31  Fujii Masao <[email protected]>
  0 siblings, 1 reply; 6+ messages in thread

From: Fujii Masao @ 2011-06-06 16:31 UTC (permalink / raw)
  To: pgsql-docs

Hi,

http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
> An IP address is specified in standard dotted decimal notation with
> a CIDR mask length. The mask length indicates the number of
> high-order bits of the client IP address that must match. Bits to the
> right of this must be zero in the given IP address.

Is the last statement correct? When I specified the following setting
in pg_hba.conf, I could not find any problem in PostgreSQL.

    host  all  all  192.168.1.99/24  trust

As far as I read the code, those bits seem not to need to be zero.
Attached patch just removes that statement.

Regards,

-- 
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center


Attachments:

  [text/x-diff] hba_v1.patch (1.0K, 2-hba_v1.patch)
  download | inline diff:
*** a/doc/src/sgml/client-auth.sgml
--- b/doc/src/sgml/client-auth.sgml
***************
*** 231,238 **** hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
         An IP address is specified in standard dotted decimal
         notation with a <acronym>CIDR</> mask length.  The mask
         length indicates the number of high-order bits of the client
!        IP address that must match.  Bits to the right of this must
!        be zero in the given IP address.
         There must not be any white space between the IP address, the
         <literal>/</literal>, and the CIDR mask length.
        </para>
--- 231,237 ----
         An IP address is specified in standard dotted decimal
         notation with a <acronym>CIDR</> mask length.  The mask
         length indicates the number of high-order bits of the client
!        IP address that must match.
         There must not be any white space between the IP address, the
         <literal>/</literal>, and the CIDR mask length.
        </para>


^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: CIDR address in pg_hba.conf
@ 2011-06-06 16:56  Tom Lane <[email protected]>
  parent: Fujii Masao <[email protected]>
  0 siblings, 2 replies; 6+ messages in thread

From: Tom Lane @ 2011-06-06 16:56 UTC (permalink / raw)
  To: Fujii Masao <[email protected]>; +Cc: pgsql-docs

Fujii Masao <[email protected]> writes:
> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>> An IP address is specified in standard dotted decimal notation with
>> a CIDR mask length. The mask length indicates the number of
>> high-order bits of the client IP address that must match. Bits to the
>> right of this must be zero in the given IP address.

> Is the last statement correct? When I specified the following setting
> in pg_hba.conf, I could not find any problem in PostgreSQL.

>     host  all  all  192.168.1.99/24  trust

> As far as I read the code, those bits seem not to need to be zero.
> Attached patch just removes that statement.

Even if it happens to work that way at the moment, do we want to
encourage people to depend on such an implementation artifact?

IOW, if you read "must" as "if you want to trust it to work in future
versions, you must", the advice is perfectly sound.

			regards, tom lane



^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: CIDR address in pg_hba.conf
@ 2011-06-06 17:27  Fujii Masao <[email protected]>
  parent: Tom Lane <[email protected]>
  1 sibling, 0 replies; 6+ messages in thread

From: Fujii Masao @ 2011-06-06 17:27 UTC (permalink / raw)
  To: Tom Lane <[email protected]>; +Cc: pgsql-docs

On Tue, Jun 7, 2011 at 1:56 AM, Tom Lane <[email protected]> wrote:
> Fujii Masao <[email protected]> writes:
>> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>>> An IP address is specified in standard dotted decimal notation with
>>> a CIDR mask length. The mask length indicates the number of
>>> high-order bits of the client IP address that must match. Bits to the
>>> right of this must be zero in the given IP address.
>
>> Is the last statement correct? When I specified the following setting
>> in pg_hba.conf, I could not find any problem in PostgreSQL.
>
>>     host  all  all  192.168.1.99/24  trust
>
>> As far as I read the code, those bits seem not to need to be zero.
>> Attached patch just removes that statement.
>
> Even if it happens to work that way at the moment, do we want to
> encourage people to depend on such an implementation artifact?
>
> IOW, if you read "must" as "if you want to trust it to work in future
> versions, you must", the advice is perfectly sound.

Okay. Sounds reasonable. I drop the patch.

Regards,

-- 
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center



^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: CIDR address in pg_hba.conf
@ 2011-06-10 00:42  Bruce Momjian <[email protected]>
  parent: Tom Lane <[email protected]>
  1 sibling, 1 reply; 6+ messages in thread

From: Bruce Momjian @ 2011-06-10 00:42 UTC (permalink / raw)
  To: Tom Lane <[email protected]>; +Cc: Fujii Masao <[email protected]>; pgsql-docs

Tom Lane wrote:
> Fujii Masao <[email protected]> writes:
> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
> >> An IP address is specified in standard dotted decimal notation with
> >> a CIDR mask length. The mask length indicates the number of
> >> high-order bits of the client IP address that must match. Bits to the
> >> right of this must be zero in the given IP address.
> 
> > Is the last statement correct? When I specified the following setting
> > in pg_hba.conf, I could not find any problem in PostgreSQL.
> 
> >     host  all  all  192.168.1.99/24  trust
> 
> > As far as I read the code, those bits seem not to need to be zero.
> > Attached patch just removes that statement.
> 
> Even if it happens to work that way at the moment, do we want to
> encourage people to depend on such an implementation artifact?
> 
> IOW, if you read "must" as "if you want to trust it to work in future
> versions, you must", the advice is perfectly sound.

Should we use "should"?

> >> right of this should be zero in the given IP address.

-- 
  Bruce Momjian  <[email protected]>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +



^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: CIDR address in pg_hba.conf
@ 2011-06-13 17:19  Robert Haas <[email protected]>
  parent: Bruce Momjian <[email protected]>
  0 siblings, 1 reply; 6+ messages in thread

From: Robert Haas @ 2011-06-13 17:19 UTC (permalink / raw)
  To: Bruce Momjian <[email protected]>; +Cc: Tom Lane <[email protected]>; Fujii Masao <[email protected]>; pgsql-docs

On Thu, Jun 9, 2011 at 8:42 PM, Bruce Momjian <[email protected]> wrote:
> Tom Lane wrote:
>> Fujii Masao <[email protected]> writes:
>> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>> >> An IP address is specified in standard dotted decimal notation with
>> >> a CIDR mask length. The mask length indicates the number of
>> >> high-order bits of the client IP address that must match. Bits to the
>> >> right of this must be zero in the given IP address.
>>
>> > Is the last statement correct? When I specified the following setting
>> > in pg_hba.conf, I could not find any problem in PostgreSQL.
>>
>> >     host  all  all  192.168.1.99/24  trust
>>
>> > As far as I read the code, those bits seem not to need to be zero.
>> > Attached patch just removes that statement.
>>
>> Even if it happens to work that way at the moment, do we want to
>> encourage people to depend on such an implementation artifact?
>>
>> IOW, if you read "must" as "if you want to trust it to work in future
>> versions, you must", the advice is perfectly sound.
>
> Should we use "should"?

+1.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: CIDR address in pg_hba.conf
@ 2011-06-14 00:58  Bruce Momjian <[email protected]>
  parent: Robert Haas <[email protected]>
  0 siblings, 0 replies; 6+ messages in thread

From: Bruce Momjian @ 2011-06-14 00:58 UTC (permalink / raw)
  To: Robert Haas <[email protected]>; +Cc: Tom Lane <[email protected]>; Fujii Masao <[email protected]>; pgsql-docs

Robert Haas wrote:
> On Thu, Jun 9, 2011 at 8:42 PM, Bruce Momjian <[email protected]> wrote:
> > Tom Lane wrote:
> >> Fujii Masao <[email protected]> writes:
> >> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
> >> >> An IP address is specified in standard dotted decimal notation with
> >> >> a CIDR mask length. The mask length indicates the number of
> >> >> high-order bits of the client IP address that must match. Bits to the
> >> >> right of this must be zero in the given IP address.
> >>
> >> > Is the last statement correct? When I specified the following setting
> >> > in pg_hba.conf, I could not find any problem in PostgreSQL.
> >>
> >> > ? ? host ?all ?all ?192.168.1.99/24 ?trust
> >>
> >> > As far as I read the code, those bits seem not to need to be zero.
> >> > Attached patch just removes that statement.
> >>
> >> Even if it happens to work that way at the moment, do we want to
> >> encourage people to depend on such an implementation artifact?
> >>
> >> IOW, if you read "must" as "if you want to trust it to work in future
> >> versions, you must", the advice is perfectly sound.
> >
> > Should we use "should"?
> 
> +1.

Thanks for the feedback.  Patched in head and 9.1.

-- 
  Bruce Momjian  <[email protected]>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +




^ permalink  raw  reply  [nested|flat] 6+ messages in thread

end of thread, other threads:[~2011-06-14 00:58 UTC | newest]

Thread overview: 6+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2011-06-06 16:31 CIDR address in pg_hba.conf Fujii Masao <[email protected]>
2011-06-06 16:56 ` Tom Lane <[email protected]>
2011-06-06 17:27   ` Fujii Masao <[email protected]>
2011-06-10 00:42   ` Bruce Momjian <[email protected]>
2011-06-13 17:19     ` Robert Haas <[email protected]>
2011-06-14 00:58       ` Bruce Momjian <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox