Yukihiro Matsumoto wrote:

>|We are using the following code to send email messages from an online form
>|on our web site:
>|
>|   Net::SMTP.start('localhost', 25) {|smtp|
>|    smtp.sendmail(message, @from, @to)
>|   }
>|
>|The values of @from and @to are taken directly from their cgi.params values
>|with basically no modification. Is it possible for someone to exploit this
>|as a security vulnerability? Could someone use it to send email to multiple
>|addresses?
>
>Check will be added.  Thank you. 
>
Can you elaborate on what this addition will do? I frequently use 
smtp.sendmail with multiple 'to' addresses.

-- 

Chris
http://clabs.org/blogki
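
Added example, not part of the original thread and not the check that was added to Net::SMTP: one way for the form handler itself to validate `@from` and `@to` before calling `smtp.sendmail`. The helper names, the `ALLOWED_TO` policy and the sample addresses are assumptions made for illustration.

```ruby
# Validate envelope addresses taken from CGI form parameters before they
# reach Net::SMTP. All names below are hypothetical, not library API.

class UnsafeAddress < StandardError; end

# Conservative pattern for exactly one address: no whitespace, commas,
# angle brackets or control characters. \A and \z anchor the whole string,
# so a trailing newline is not silently accepted.
ADDR_RE = /\A[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/

# values: the Array that cgi.params[name] returns for one form field.
def single_address(values, field)
  values = Array(values)
  # A client can repeat a field, so more than one value means more than
  # one address would be handed to sendmail.
  raise UnsafeAddress, "#{field}: expected exactly one value" unless values.length == 1
  addr = values.first.to_s
  # CR/LF would let the value continue past the end of the SMTP command line.
  raise UnsafeAddress, "#{field}: control character" if addr.match?(/[\x00-\x1f\x7f]/)
  raise UnsafeAddress, "#{field}: not a single address" unless addr.match?(ADDR_RE)
  addr
end

# Assumed policy: the form may only mail recipients fixed on the server.
ALLOWED_TO = ['support@example.org'].freeze

# Returns [from, to] ready for smtp.sendmail(message, from, to),
# or raises UnsafeAddress.
def envelope_from_params(params)
  from = single_address(params['from'], 'from')
  to   = single_address(params['to'], 'to')
  raise UnsafeAddress, 'to: recipient not allowed' unless ALLOWED_TO.include?(to.downcase)
  [from, to]
end

# True when the parameters are refused (constructed inputs only).
def rejected?(params)
  envelope_from_params(params)
  false
rescue UnsafeAddress
  true
end
```

Code that legitimately sends to several recipients can keep passing an array to `smtp.sendmail`, as long as that array is built on the server and not taken from the request.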