public inbox for [email protected]  
CIDR address in pg_hba.conf
6+ messages / 4 participants

* CIDR address in pg_hba.conf
@ 2011-06-06 16:31 Fujii Masao <[email protected]>
  2011-06-06 16:56 ` Re: CIDR address in pg_hba.conf Tom Lane <[email protected]>
  0 siblings, 1 reply; 6+ messages in thread

From: Fujii Masao @ 2011-06-06 16:31 UTC (permalink / raw)
  To: pgsql-docs

Hi,

http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
> An IP address is specified in standard dotted decimal notation with
> a CIDR mask length. The mask length indicates the number of
> high-order bits of the client IP address that must match. Bits to the
> right of this must be zero in the given IP address.

Is the last statement correct? When I specified the following setting
in pg_hba.conf, I could not find any problem in PostgreSQL.

    host  all  all  192.168.1.99/24  trust

As far as I read the code, those bits seem not to need to be zero.
Attached patch just removes that statement.

Regards,

-- 
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center


Attachments:

  [text/x-diff] hba_v1.patch (1.0K, 2-hba_v1.patch)
*** a/doc/src/sgml/client-auth.sgml
--- b/doc/src/sgml/client-auth.sgml
***************
*** 231,238 **** hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
         An IP address is specified in standard dotted decimal
         notation with a <acronym>CIDR</> mask length.  The mask
         length indicates the number of high-order bits of the client
!        IP address that must match.  Bits to the right of this must
!        be zero in the given IP address.
         There must not be any white space between the IP address, the
         <literal>/</literal>, and the CIDR mask length.
        </para>
--- 231,237 ----
         An IP address is specified in standard dotted decimal
         notation with a <acronym>CIDR</> mask length.  The mask
         length indicates the number of high-order bits of the client
!        IP address that must match.
         There must not be any white space between the IP address, the
         <literal>/</literal>, and the CIDR mask length.
        </para>
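
Review bot: Deleting the sentence on the two `!` lines ("Bits to the right of this must be zero in the given IP address.") leaves the paragraph with no statement at all about bits to the right of the mask, so a reader cannot tell whether an entry such as 192.168.1.99/24 is rejected, treated as a single host, or matched as the whole /24. Since the paragraph says the mask length alone decides how many client bits must match, I would keep a sentence here rather than drop it, for example softened to "Bits to the right of this should be zero in the given IP address.", so that entries are written as the network they actually cover, which matters most when the method is trust.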



* Re: CIDR address in pg_hba.conf
  2011-06-06 16:31 CIDR address in pg_hba.conf Fujii Masao <[email protected]>
@ 2011-06-06 16:56 ` Tom Lane <[email protected]>
  2011-06-06 17:27   ` Re: CIDR address in pg_hba.conf Fujii Masao <[email protected]>
  2011-06-10 00:42   ` Re: CIDR address in pg_hba.conf Bruce Momjian <[email protected]>
  0 siblings, 2 replies; 6+ messages in thread

From: Tom Lane @ 2011-06-06 16:56 UTC (permalink / raw)
  To: Fujii Masao <[email protected]>; +Cc: pgsql-docs

Fujii Masao <[email protected]> writes:
> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>> An IP address is specified in standard dotted decimal notation with
>> a CIDR mask length. The mask length indicates the number of
>> high-order bits of the client IP address that must match. Bits to the
>> right of this must be zero in the given IP address.

> Is the last statement correct? When I specified the following setting
> in pg_hba.conf, I could not find any problem in PostgreSQL.

>     host  all  all  192.168.1.99/24  trust

> As far as I read the code, those bits seem not to need to be zero.
> Attached patch just removes that statement.

Even if it happens to work that way at the moment, do we want to
encourage people to depend on such an implementation artifact?

IOW, if you read "must" as "if you want to trust it to work in future
versions, you must", the advice is perfectly sound.

			regards, tom lane
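
An added example, not part of any message in this thread and not PostgreSQL code: a small Python check that flags pg_hba.conf CIDR entries with non-zero bits to the right of the mask and reports the network each one covers, assuming (as reported earlier in the thread) that only the masked high-order bits are compared. The name `lint_hba` and the sample file are made up for illustration.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}  # record types that carry an address

# Constructed sample; only the first host line comes from the thread.
SAMPLE = """\
# TYPE     DATABASE  USER  ADDRESS          METHOD
host       all       all   192.168.1.99/24  trust
host       all       all   192.168.1.0/24   md5
hostssl    app       app   10.0.0.7/32      md5
hostnossl  all       all   2001:db8::1/64   reject
local      all       all                    peer
"""

def lint_hba(text):
    """Return one finding per CIDR entry whose bits right of the mask are not zero."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Simplification: treats '#' as a comment start and ignores quoted fields.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue
        address, method = fields[3], fields[4]
        if "/" not in address:
            continue  # host name, keyword, or address with a separate netmask column
        try:
            iface = ipaddress.ip_interface(address)
        except ValueError:
            continue  # not an IP/masklen pair; out of scope for this check
        if iface.ip != iface.network.network_address:
            findings.append({
                "line": lineno,
                "written": address,
                "effective": str(iface.network),
                "addresses": iface.network.num_addresses,
                "method": method,
            })
    return findings

if __name__ == "__main__":
    for f in lint_hba(SAMPLE):
        print(f"line {f['line']}: {f['written']} is matched as {f['effective']} "
              f"({f['addresses']} addresses), method {f['method']}")
```
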




* Re: CIDR address in pg_hba.conf
  2011-06-06 16:31 CIDR address in pg_hba.conf Fujii Masao <[email protected]>
  2011-06-06 16:56 ` Re: CIDR address in pg_hba.conf Tom Lane <[email protected]>
@ 2011-06-06 17:27   ` Fujii Masao <[email protected]>
  1 sibling, 0 replies; 6+ messages in thread

From: Fujii Masao @ 2011-06-06 17:27 UTC (permalink / raw)
  To: Tom Lane <[email protected]>; +Cc: pgsql-docs

On Tue, Jun 7, 2011 at 1:56 AM, Tom Lane <[email protected]> wrote:
> Fujii Masao <[email protected]> writes:
>> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>>> An IP address is specified in standard dotted decimal notation with
>>> a CIDR mask length. The mask length indicates the number of
>>> high-order bits of the client IP address that must match. Bits to the
>>> right of this must be zero in the given IP address.
>
>> Is the last statement correct? When I specified the following setting
>> in pg_hba.conf, I could not find any problem in PostgreSQL.
>
>>     host  all  all  192.168.1.99/24  trust
>
>> As far as I read the code, those bits seem not to need to be zero.
>> Attached patch just removes that statement.
>
> Even if it happens to work that way at the moment, do we want to
> encourage people to depend on such an implementation artifact?
>
> IOW, if you read "must" as "if you want to trust it to work in future
> versions, you must", the advice is perfectly sound.

Okay. Sounds reasonable. I drop the patch.

Regards,

-- 
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center




* Re: CIDR address in pg_hba.conf
  2011-06-06 16:31 CIDR address in pg_hba.conf Fujii Masao <[email protected]>
  2011-06-06 16:56 ` Re: CIDR address in pg_hba.conf Tom Lane <[email protected]>
@ 2011-06-10 00:42   ` Bruce Momjian <[email protected]>
  2011-06-13 17:19     ` Re: CIDR address in pg_hba.conf Robert Haas <[email protected]>
  1 sibling, 1 reply; 6+ messages in thread

From: Bruce Momjian @ 2011-06-10 00:42 UTC (permalink / raw)
  To: Tom Lane <[email protected]>; +Cc: Fujii Masao <[email protected]>; pgsql-docs

Tom Lane wrote:
> Fujii Masao <[email protected]> writes:
> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
> >> An IP address is specified in standard dotted decimal notation with
> >> a CIDR mask length. The mask length indicates the number of
> >> high-order bits of the client IP address that must match. Bits to the
> >> right of this must be zero in the given IP address.
> 
> > Is the last statement correct? When I specified the following setting
> > in pg_hba.conf, I could not find any problem in PostgreSQL.
> 
> >     host  all  all  192.168.1.99/24  trust
> 
> > As far as I read the code, those bits seem not to need to be zero.
> > Attached patch just removes that statement.
> 
> Even if it happens to work that way at the moment, do we want to
> encourage people to depend on such an implementation artifact?
> 
> IOW, if you read "must" as "if you want to trust it to work in future
> versions, you must", the advice is perfectly sound.

Should we use "should"?

> >> right of this should be zero in the given IP address.

-- 
  Bruce Momjian  <[email protected]>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +




* Re: CIDR address in pg_hba.conf
  2011-06-06 16:31 CIDR address in pg_hba.conf Fujii Masao <[email protected]>
  2011-06-06 16:56 ` Re: CIDR address in pg_hba.conf Tom Lane <[email protected]>
  2011-06-10 00:42   ` Re: CIDR address in pg_hba.conf Bruce Momjian <[email protected]>
@ 2011-06-13 17:19     ` Robert Haas <[email protected]>
  2011-06-14 00:58       ` Re: CIDR address in pg_hba.conf Bruce Momjian <[email protected]>
  0 siblings, 1 reply; 6+ messages in thread

From: Robert Haas @ 2011-06-13 17:19 UTC (permalink / raw)
  To: Bruce Momjian <[email protected]>; +Cc: Tom Lane <[email protected]>; Fujii Masao <[email protected]>; pgsql-docs

On Thu, Jun 9, 2011 at 8:42 PM, Bruce Momjian <[email protected]> wrote:
> Tom Lane wrote:
>> Fujii Masao <[email protected]> writes:
>> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>> >> An IP address is specified in standard dotted decimal notation with
>> >> a CIDR mask length. The mask length indicates the number of
>> >> high-order bits of the client IP address that must match. Bits to the
>> >> right of this must be zero in the given IP address.
>>
>> > Is the last statement correct? When I specified the following setting
>> > in pg_hba.conf, I could not find any problem in PostgreSQL.
>>
>> >     host  all  all  192.168.1.99/24  trust
>>
>> > As far as I read the code, those bits seem not to need to be zero.
>> > Attached patch just removes that statement.
>>
>> Even if it happens to work that way at the moment, do we want to
>> encourage people to depend on such an implementation artifact?
>>
>> IOW, if you read "must" as "if you want to trust it to work in future
>> versions, you must", the advice is perfectly sound.
>
> Should we use "should"?

+1.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company




* Re: CIDR address in pg_hba.conf
  2011-06-06 16:31 CIDR address in pg_hba.conf Fujii Masao <[email protected]>
  2011-06-06 16:56 ` Re: CIDR address in pg_hba.conf Tom Lane <[email protected]>
  2011-06-10 00:42   ` Re: CIDR address in pg_hba.conf Bruce Momjian <[email protected]>
  2011-06-13 17:19     ` Re: CIDR address in pg_hba.conf Robert Haas <[email protected]>
@ 2011-06-14 00:58       ` Bruce Momjian <[email protected]>
  0 siblings, 0 replies; 6+ messages in thread

From: Bruce Momjian @ 2011-06-14 00:58 UTC (permalink / raw)
  To: Robert Haas <[email protected]>; +Cc: Tom Lane <[email protected]>; Fujii Masao <[email protected]>; pgsql-docs

Robert Haas wrote:
> On Thu, Jun 9, 2011 at 8:42 PM, Bruce Momjian <[email protected]> wrote:
> > Tom Lane wrote:
> >> Fujii Masao <[email protected]> writes:
> >> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
> >> >> An IP address is specified in standard dotted decimal notation with
> >> >> a CIDR mask length. The mask length indicates the number of
> >> >> high-order bits of the client IP address that must match. Bits to the
> >> >> right of this must be zero in the given IP address.
> >>
> >> > Is the last statement correct? When I specified the following setting
> >> > in pg_hba.conf, I could not find any problem in PostgreSQL.
> >>
> >> >     host  all  all  192.168.1.99/24  trust
> >>
> >> > As far as I read the code, those bits seem not to need to be zero.
> >> > Attached patch just removes that statement.
> >>
> >> Even if it happens to work that way at the moment, do we want to
> >> encourage people to depend on such an implementation artifact?
> >>
> >> IOW, if you read "must" as "if you want to trust it to work in future
> >> versions, you must", the advice is perfectly sound.
> >
> > Should we use "should"?
> 
> +1.

Thanks for the feedback.  Patched in head and 9.1.

-- 
  Bruce Momjian  <[email protected]>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +





