Received: from maia.hub.org (maia-3.hub.org [200.46.204.243])
	by mail.postgresql.org (Postfix) with ESMTP id A822BB5FBA7
	for <pgsql-docs-postgresql.org@mail.postgresql.org>;
	Mon,  6 Jun 2011 13:56:37 -0300 (ADT)
Received: from mail.postgresql.org ([200.46.204.86])
	by maia.hub.org (mx1.hub.org [200.46.204.243]) (amavisd-maia,
	port 10024) with ESMTP id 47210-03 for
	<pgsql-docs-postgresql.org@mail.postgresql.org>;
	Mon,  6 Jun 2011 16:56:30 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from sss.pgh.pa.us (sss.pgh.pa.us [66.207.139.130])
	by mail.postgresql.org (Postfix) with ESMTP id C211BB5DC44
	for <pgsql-docs@postgresql.org>; Mon,  6 Jun 2011 13:56:28 -0300 (ADT)
Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1])
	by sss.pgh.pa.us (8.14.2/8.14.2) with ESMTP id p56GuQN9008796;
	Mon, 6 Jun 2011 12:56:26 -0400 (EDT)
To: Fujii Masao <masao.fujii@gmail.com>
cc: pgsql-docs <pgsql-docs@postgresql.org>
Subject: Re: CIDR address in pg_hba.conf 
In-reply-to: <BANLkTi=SQs8mvfR-MM33NwrSGk75=t_U5g@mail.gmail.com> 
References: <BANLkTi=SQs8mvfR-MM33NwrSGk75=t_U5g@mail.gmail.com>
Comments: In-reply-to Fujii Masao <masao.fujii@gmail.com>
	message dated "Tue, 07 Jun 2011 01:31:54 +0900"
Date: Mon, 06 Jun 2011 12:56:25 -0400
Message-ID: <8795.1307379385@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Spam-Status: No, hits=-1.91 tagged_above=-5 required=5 tests=BAYES_00=-1.9,
	T_RP_MATCHES_RCVD=-0.01
X-Spam-Level: 
X-Archive-Number: 201106/21
X-Sequence-Number: 6795

Fujii Masao <masao.fujii@gmail.com> writes:
> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>> An IP address is specified in standard dotted decimal notation with
>> a CIDR mask length. The mask length indicates the number of
>> high-order bits of the client IP address that must match. Bits to the
>> right of this must be zero in the given IP address.

> Is the last statement correct? When I specified the following setting
> in pg_hba.conf, I could not find any problem in PostgreSQL.

>     host  all  all  192.168.1.99/24  trust

> As far as I read the code, those bits seem not to need to be zero.
> Attached patch just removes that statement.

Even if it happens to work that way at the moment, do we want to
encourage people to depend on such an implementation artifact?

IOW, if you read "must" as "if you want to trust it to work in future
versions, you must", the advice is perfectly sound.

			regards, tom lane