BUG #4433: entries like "host all all 10.0.50.31/0 ..." should not be allowed or trigger a warning

Поиск
Список
Период
Сортировка
От security improvement proposal: pg_hba.conf and CIDR mask
Тема BUG #4433: entries like "host all all 10.0.50.31/0 ..." should not be allowed or trigger a warning
Дата
Msg-id 200809230944.m8N9iOIL094901@wwwmaster.postgresql.org
обсуждение исходный текст
Ответы Re: BUG #4433: entries like "host all all 10.0.50.31/0 ..." should not be allowed or trigger a warning  (Craig Ringer <craig@postnewspapers.com.au>)
Re: BUG #4433: entries like "host all all 10.0.50.31/0 ..." should not be allowed or trigger a warning  (toruvinn <toruvinn@lain.pl>)
Список pgsql-bugs
Дерево обсуждения 
The following bug has been logged online:

Bug reference:      4433
Logged by:          security  improvement proposal: pg_hba.conf and CIDR
mask
Email address:      marc@intershop.de
PostgreSQL version: 8.2.4
Operating system:   Linux
Description:        entries like "host    all       all   10.0.50.31/0  ..."
should not be allowed or trigger a warning
Details:

Hello,

not really a bug, but a possible security issue for wrongly configured
installations.

A CIDR mask length of 0 will allow to connect from any location. I did this
mistake as I didn't read the documentation carefully enough.

Checking the mask against the IP address would prevent such errors:

/0 : disallow ?

/24 : IP must ends with .0
/16 : IP must ends with .0.0
...

HTH,

Marc Mamin

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: BUG #4431: cannot pg_restore from pg_dump --format=c
Следующее
От: Craig Ringer
Дата:
Сообщение: Re: BUG #4433: entries like "host all all 10.0.50.31/0 ..." should not be allowed or trigger a warning