On Tue, Jun 7, 2011 at 1:56 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Fujii Masao <masao.fujii@gmail.com> writes:
>> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>>> An IP address is specified in standard dotted decimal notation with
>>> a CIDR mask length. The mask length indicates the number of
>>> high-order bits of the client IP address that must match. Bits to the
>>> right of this must be zero in the given IP address.
>
>> Is the last statement correct? When I specified the following setting
>> in pg_hba.conf, I could not find any problem in PostgreSQL.
>
>> host all all 192.168.1.99/24 trust
>
>> As far as I read the code, those bits seem not to need to be zero.
>> Attached patch just removes that statement.
>
> Even if it happens to work that way at the moment, do we want to
> encourage people to depend on such an implementation artifact?
>
> IOW, if you read "must" as "if you want to trust it to work in future
> versions, you must", the advice is perfectly sound.
Okay. Sounds reasonable. I drop the patch.
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center