The following bug has been logged online:

Bug reference:      4433
Logged by:          security  improvement proposal: pg_hba.conf and CIDR mask
Email address:      [EMAIL PROTECTED]
PostgreSQL version: 8.2.4
Operating system:   Linux
Description:        entries like "host    all       all   10.0.50.31/0  ..." should not be allowed or trigger a warning
Details: 

Hello,

Not really a bug, but a possible security issue for wrongly configured
installations.

A CIDR mask length of 0 will allow connections from any location. I made this
mistake as I didn't read the documentation carefully enough.

Checking the mask against the IP address would prevent such errors:

/0 : disallow ?

/24 : IP must end with .0
/16 : IP must end with .0.0
...

HTH,

Marc Mamin

-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
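
The check proposed in the report above, as an added example that is not part of the original message and is not PostgreSQL code: a small Python linter that flags host entries whose mask length is 0 or whose address has bits set beyond the mask. The function name check_hba and the sample file contents are constructed for illustration; only the first sample entry comes from the report.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}

# Constructed sample; the first host entry is the one quoted in the report.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS                  METHOD
host    all       all   10.0.50.31/0             md5
host    all       all   10.0.50.31/24            md5
host    all       all   10.0.50.0/24             md5
host    all       all   10.0.50.31/32            md5
host    all       all   10.0.50.31  255.255.0.0  md5
local   all       all                            trust
"""

def check_hba(text):
    """Return (line_number, address, problem) for each suspicious host entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue
        addr = fields[3]
        # Two-column form: IP address followed by a separate netmask column.
        if "/" not in addr and len(fields) >= 6:
            addr = f"{fields[3]}/{fields[4]}"
        try:
            iface = ipaddress.ip_interface(addr)
        except ValueError:
            continue   # host name or keyword; not covered by this check
        net = iface.network
        if net.prefixlen == 0:
            findings.append((lineno, addr,
                             "mask length 0 matches every client address"))
        elif iface.ip != net.network_address:
            findings.append((lineno, addr,
                             f"bits set beyond the mask; entry matches all of {net}"))
    return findings

if __name__ == "__main__":
    for lineno, addr, problem in check_hba(SAMPLE):
        print(f"line {lineno}: {addr}: {problem}")
```

A single-host entry such as 10.0.50.31/32 passes, because every address bit is covered by the mask.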