Received: from maia.hub.org (maia-2.hub.org [200.46.204.251])
	by mail.postgresql.org (Postfix) with ESMTP id 5135FB5D803
	for <pgsql-docs-postgresql.org@mail.postgresql.org>;
	Mon, 13 Jun 2011 21:58:11 -0300 (ADT)
Received: from mail.postgresql.org ([200.46.204.86])
	by maia.hub.org (mx1.hub.org [200.46.204.251]) (amavisd-maia,
	port 10024) with ESMTP id 56534-03 for
	<pgsql-docs-postgresql.org@mail.postgresql.org>;
	Tue, 14 Jun 2011 00:58:04 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from momjian.us (momjian.us [70.90.9.53])
	by mail.postgresql.org (Postfix) with ESMTP id 869DEB5DBD9
	for <pgsql-docs@postgresql.org>; Mon, 13 Jun 2011 21:58:04 -0300 (ADT)
Received: (from bruce@localhost) by momjian.us (8.11.6/8.11.6) id
 p5E0w3F07048;
	Mon, 13 Jun 2011 20:58:03 -0400 (EDT)
From: Bruce Momjian <bruce@momjian.us>
Message-Id: <201106140058.p5E0w3F07048@momjian.us>
Subject: Re: CIDR address in pg_hba.conf
In-Reply-To: <BANLkTimx-SYy-6GbQcxM5ZAemyj2pA8mzg@mail.gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Date: Mon, 13 Jun 2011 20:58:03 -0400 (EDT)
CC: Tom Lane <tgl@sss.pgh.pa.us>, Fujii Masao <masao.fujii@gmail.com>,
	pgsql-docs <pgsql-docs@postgresql.org>
X-Mailer: ELM [version 2.4ME+ PL124 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Spam-Status: No, hits=-1.91 tagged_above=-5 required=5 tests=BAYES_00=-1.9,
	T_RP_MATCHES_RCVD=-0.01
X-Spam-Level: 
X-Archive-Number: 201106/66
X-Sequence-Number: 6840

Robert Haas wrote:
> On Thu, Jun 9, 2011 at 8:42 PM, Bruce Momjian <bruce@momjian.us> wrote:
> > Tom Lane wrote:
> >> Fujii Masao <masao.fujii@gmail.com> writes:
> >> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
> >> >> An IP address is specified in standard dotted decimal notation with
> >> >> a CIDR mask length. The mask length indicates the number of
> >> >> high-order bits of the client IP address that must match. Bits to the
> >> >> right of this must be zero in the given IP address.
> >>
> >> > Is the last statement correct? When I specified the following setting
> >> > in pg_hba.conf, I could not find any problem in PostgreSQL.
> >>
> >> > ? ? host ?all ?all ?192.168.1.99/24 ?trust
> >>
> >> > As far as I read the code, those bits seem not to need to be zero.
> >> > Attached patch just removes that statement.
> >>
> >> Even if it happens to work that way at the moment, do we want to
> >> encourage people to depend on such an implementation artifact?
> >>
> >> IOW, if you read "must" as "if you want to trust it to work in future
> >> versions, you must", the advice is perfectly sound.
> >
> > Should we use "should"?
> 
> +1.

Thanks for the feedback.  Patched in head and 9.1.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +