Received: from maia.hub.org (maia-2.hub.org [200.46.204.251]) by mail.postgresql.org (Postfix) with ESMTP id E7E7DB5DBD8 for ; Mon, 13 Jun 2011 14:19:39 -0300 (ADT) Received: from mail.postgresql.org ([200.46.204.86]) by maia.hub.org (mx1.hub.org [200.46.204.251]) (amavisd-maia, port 10024) with ESMTP id 46042-07 for ; Mon, 13 Jun 2011 17:19:33 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-px0-f174.google.com (mail-px0-f174.google.com [209.85.212.174]) by mail.postgresql.org (Postfix) with ESMTP id 5024CB5DBD7 for ; Mon, 13 Jun 2011 14:19:33 -0300 (ADT) Received: by pxi15 with SMTP id 15so3253471pxi.33 for ; Mon, 13 Jun 2011 10:19:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=AA+weN9+mUXu4Z9K+w/R/kqiPJDIZGDQsJ1mKCaiPUo=; b=NNaHfh2phSQs285L8khcp6z1b82wRLzPyhlMBjvTeAbEd5MUmBzG8G+FB0PReP3mI1 bd5BoCiDFQZfg1eGvD4N7/ptt9QSTU9gzI4myK7Um2Doi4V3fu5sSQ11gZh0vf3r24Yf aNDxADApybu5U1OTCmyBbyc930JrhQrtFxjiU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=EMvP21VqXnJ/cd/i8anO7oef9mWQLI9cY+O4uXEQwkPOfCkraVaOrbsMTf8gUOOjlG EmOvM/Hutrxj2yKoJgjeH3o9YjT5S768N/dPVRx9E7cA3GNb27nwt6CKWM50uN6Xj1Tv sznV2mqAtxkd0ah48inR8ZuAVxA7PJkik9QgY= MIME-Version: 1.0 Received: by 10.68.9.231 with SMTP id d7mr1976803pbb.111.1307985572387; Mon, 13 Jun 2011 10:19:32 -0700 (PDT) Received: by 10.68.56.70 with HTTP; Mon, 13 Jun 2011 10:19:32 -0700 (PDT) In-Reply-To: <201106100042.p5A0gAw27314@momjian.us> References: <8795.1307379385@sss.pgh.pa.us> <201106100042.p5A0gAw27314@momjian.us> Date: Mon, 13 Jun 2011 13:19:32 -0400 Message-ID: Subject: Re: CIDR address in pg_hba.conf From: Robert Haas To: Bruce Momjian Cc: Tom Lane , Fujii Masao , pgsql-docs Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: Maia Mailguard 1.0.1 X-Spam-Status: No, hits=0.002 tagged_above=-5 required=5 tests=FREEMAIL_FROM=0.001, RFC_ABUSE_POST=0.001 X-Spam-Level: X-Archive-Number: 201106/48 X-Sequence-Number: 6822 On Thu, Jun 9, 2011 at 8:42 PM, Bruce Momjian wrote: > Tom Lane wrote: >> Fujii Masao writes: >> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html >> >> An IP address is specified in standard dotted decimal notation with >> >> a CIDR mask length. The mask length indicates the number of >> >> high-order bits of the client IP address that must match. Bits to the >> >> right of this must be zero in the given IP address. >> >> > Is the last statement correct? When I specified the following setting >> > in pg_hba.conf, I could not find any problem in PostgreSQL. >> >> > =A0 =A0 host =A0all =A0all =A0192.168.1.99/24 =A0trust >> >> > As far as I read the code, those bits seem not to need to be zero. >> > Attached patch just removes that statement. >> >> Even if it happens to work that way at the moment, do we want to >> encourage people to depend on such an implementation artifact? >> >> IOW, if you read "must" as "if you want to trust it to work in future >> versions, you must", the advice is perfectly sound. > > Should we use "should"? +1. --=20 Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company