Tom Lane wrote:
In this case what particularly scares me is the idea that 'samenet' might be interpreted to let in a larger subnet than the user expected, eg 10/8 instead of 10.0.0/24. You'd likely not notice the problem until after you'd been broken into ...
I haven't looked at this "feature" at all, but I'd be inclined, on the grounds you quite reasonably cite, to require a netmask with "samenet", rather than just ask the interface for its netmask.
cheers andrew -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers