I know that, to add remote authentication, I should add a allowHosts attribute in the config.xml.
And the mask for a quad in an IP address is 0.  It made me confused in some situation.  Say I want to allow all the hosts with IP address like 192.168.0.*.  So,  the mask should be <attribute name="allowHosts"></attribute>.  But my understanding is, to config this way, all the hosts like 192.168.*.* will be allowed.  That may cause some security issue.

Is my understanding right? Could some one elaborate the mechanism of  the mask for allowHosts attribute?