[DOCS] CIDR address in pg_hba.conf
Hi, http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html > An IP address is specified in standard dotted decimal notation with > a CIDR mask length. The mask length indicates the number of > high-order bits of the client IP address that must match. Bits to the > right of this must be zero in the given IP address. Is the last statement correct? When I specified the following setting in pg_hba.conf, I could not find any problem in PostgreSQL. host all all 192.168.1.99/24 trust As far as I read the code, those bits seem not to need to be zero. Attached patch just removes that statement. Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center *** a/doc/src/sgml/client-auth.sgml --- b/doc/src/sgml/client-auth.sgml *** *** 231,238 hostnossl database user An IP address is specified in standard dotted decimal notation with a CIDR mask length. The mask length indicates the number of high-order bits of the client !IP address that must match. Bits to the right of this must !be zero in the given IP address. There must not be any white space between the IP address, the /, and the CIDR mask length. --- 231,237 An IP address is specified in standard dotted decimal notation with a CIDR mask length. The mask length indicates the number of high-order bits of the client !IP address that must match. There must not be any white space between the IP address, the /, and the CIDR mask length. -- Sent via pgsql-docs mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
Re: [DOCS] CIDR address in pg_hba.conf
Fujii Masao writes: > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html >> An IP address is specified in standard dotted decimal notation with >> a CIDR mask length. The mask length indicates the number of >> high-order bits of the client IP address that must match. Bits to the >> right of this must be zero in the given IP address. > Is the last statement correct? When I specified the following setting > in pg_hba.conf, I could not find any problem in PostgreSQL. > host all all 192.168.1.99/24 trust > As far as I read the code, those bits seem not to need to be zero. > Attached patch just removes that statement. Even if it happens to work that way at the moment, do we want to encourage people to depend on such an implementation artifact? IOW, if you read "must" as "if you want to trust it to work in future versions, you must", the advice is perfectly sound. regards, tom lane -- Sent via pgsql-docs mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
Re: [DOCS] CIDR address in pg_hba.conf
On Tue, Jun 7, 2011 at 1:56 AM, Tom Lane wrote: > Fujii Masao writes: >> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html >>> An IP address is specified in standard dotted decimal notation with >>> a CIDR mask length. The mask length indicates the number of >>> high-order bits of the client IP address that must match. Bits to the >>> right of this must be zero in the given IP address. > >> Is the last statement correct? When I specified the following setting >> in pg_hba.conf, I could not find any problem in PostgreSQL. > >> host all all 192.168.1.99/24 trust > >> As far as I read the code, those bits seem not to need to be zero. >> Attached patch just removes that statement. > > Even if it happens to work that way at the moment, do we want to > encourage people to depend on such an implementation artifact? > > IOW, if you read "must" as "if you want to trust it to work in future > versions, you must", the advice is perfectly sound. Okay. Sounds reasonable. I drop the patch. Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center -- Sent via pgsql-docs mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
