Robert Haas wrote:
> On Thu, Jun 9, 2011 at 8:42 PM, Bruce Momjian <bruce@momjian.us> wrote:
> > Tom Lane wrote:
> >> Fujii Masao <masao.fujii@gmail.com> writes:
> >> > http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
> >> >> An IP address is specified in standard dotted decimal notation with
> >> >> a CIDR mask length. The mask length indicates the number of
> >> >> high-order bits of the client IP address that must match. Bits to the
> >> >> right of this must be zero in the given IP address.
> >>
> >> > Is the last statement correct? When I specified the following setting
> >> > in pg_hba.conf, I could not find any problem in PostgreSQL.
> >>
> >> > ? ? host ?all ?all ?192.168.1.99/24 ?trust
> >>
> >> > As far as I read the code, those bits seem not to need to be zero.
> >> > Attached patch just removes that statement.
> >>
> >> Even if it happens to work that way at the moment, do we want to
> >> encourage people to depend on such an implementation artifact?
> >>
> >> IOW, if you read "must" as "if you want to trust it to work in future
> >> versions, you must", the advice is perfectly sound.
> >
> > Should we use "should"?
>
> +1.
Thanks for the feedback. Patched in head and 9.1.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +