Re: CIDR address in pg_hba.conf

On Thu, Jun 9, 2011 at 8:42 PM, Bruce Momjian <bruce@momjian.us> wrote:
> Tom Lane wrote:
>> Fujii Masao <masao.fujii@gmail.com> writes:
>> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>> >> An IP address is specified in standard dotted decimal notation with
>> >> a CIDR mask length. The mask length indicates the number of
>> >> high-order bits of the client IP address that must match. Bits to the
>> >> right of this must be zero in the given IP address.
>>
>> > Is the last statement correct? When I specified the following setting
>> > in pg_hba.conf, I could not find any problem in PostgreSQL.
>>
>> >     host  all  all  192.168.1.99/24  trust
>>
>> > As far as I read the code, those bits seem not to need to be zero.
>> > Attached patch just removes that statement.
>>
>> Even if it happens to work that way at the moment, do we want to
>> encourage people to depend on such an implementation artifact?
>>
>> IOW, if you read "must" as "if you want to trust it to work in future
>> versions, you must", the advice is perfectly sound.
>
> Should we use "should"?

+1.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company