Fujii Masao <masao.fujii@gmail.com> writes:
> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>> An IP address is specified in standard dotted decimal notation with
>> a CIDR mask length. The mask length indicates the number of
>> high-order bits of the client IP address that must match. Bits to the
>> right of this must be zero in the given IP address.
> Is the last statement correct? When I specified the following setting
> in pg_hba.conf, I could not find any problem in PostgreSQL.
> host all all 192.168.1.99/24 trust
> As far as I read the code, those bits seem not to need to be zero.
> Attached patch just removes that statement.
Even if it happens to work that way at the moment, do we want to
encourage people to depend on such an implementation artifact?
IOW, if you read "must" as "if you want to trust it to work in future
versions, you must", the advice is perfectly sound.
regards, tom lane
