The following bug has been logged online:
Bug reference: 4433
Logged by: security improvement proposal: pg_hba.conf and CIDR mask
Email address: marc@intershop.de
PostgreSQL version: 8.2.4
Operating system: Linux
Description: entries like "host all all 10.0.50.31/0 ..." should not be allowed or trigger a warning
Details:
Hello,
not really a bug, but a possible security issue for wrongly configured
installations.
A CIDR mask length of 0 will allow connections from any location. I made this
mistake as I didn't read the documentation carefully enough.
Checking the mask against the IP address would prevent such errors:
/0 : disallow ?
/24 : IP must end with .0
/16 : IP must end with .0.0
...
HTH,
Marc Mamin
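
The check proposed in this report, generalized to any mask length and written as an added example that is not part of the original message or of PostgreSQL's code: a small linter that flags pg_hba.conf host entries whose address has bits set outside the mask. The function name check_hba and the sample file are constructed for illustration, and fields are assumed to be separated by plain whitespace with no quoted names.

```python
import ipaddress

# Constructed sample; only the 10.0.50.31/0 entry comes from the report.
SAMPLE_HBA = """\
# TYPE  DATABASE USER ADDRESS                 METHOD
host    all      all  10.0.50.31/0            md5
host    all      all  10.0.50.0/24            md5
host    all      all  10.0.50.31/32           md5
host    app      app  10.0.50.31/16           md5
hostssl all      all  0.0.0.0/0               md5
host    all      all  10.0.50.31 255.255.0.0  md5
local   all      all                          ident sameuser
"""


def check_hba(text):
    """Return (line_number, address_spec, message) for each suspicious host entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        # Only host/hostssl/hostnossl records carry an address column.
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue
        spec = fields[3]
        if "/" not in spec:
            spec = f"{spec}/{fields[4]}"  # separate "address netmask" form
        try:
            iface = ipaddress.ip_interface(spec)
        except ValueError:
            continue  # not an IP address plus mask; outside this check
        net = iface.network
        if iface.ip == net.network_address:
            continue  # address and mask agree (includes a deliberate 0.0.0.0/0)
        if net.prefixlen == 0:
            msg = f"mask length 0 matches every client ({net})"
        else:
            msg = f"host bits set beyond the mask; entry covers {net}"
        findings.append((lineno, spec, msg))
    return findings


if __name__ == "__main__":
    for lineno, spec, msg in check_hba(SAMPLE_HBA):
        print(f"line {lineno}: {spec}: {msg}")
```

A single-host entry written with /32 passes, while the same address with /0 or /16 is reported together with the network it really covers.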