Tom Lane wrote: > Fujii Masao <[email protected]> writes: > > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html > >> An IP address is specified in standard dotted decimal notation with > >> a CIDR mask length. The mask length indicates the number of > >> high-order bits of the client IP address that must match. Bits to the > >> right of this must be zero in the given IP address. > > > Is the last statement correct? When I specified the following setting > > in pg_hba.conf, I could not find any problem in PostgreSQL. > > > host all all 192.168.1.99/24 trust > > > As far as I read the code, those bits seem not to need to be zero. > > Attached patch just removes that statement. > > Even if it happens to work that way at the moment, do we want to > encourage people to depend on such an implementation artifact? > > IOW, if you read "must" as "if you want to trust it to work in future > versions, you must", the advice is perfectly sound.
Should we use "should"? > >> right of this should be zero in the given IP address. -- Bruce Momjian <[email protected]> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-docs mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
