5.1 Security Considerations for Implementers

Implementers MUST take care to enforce the read/write permissions, as specified in section 3.1.4.21, to prevent unauthorized access to event logs.

Servers SHOULD authenticate the caller and verify that the caller has proper access before returning a handle. When the handle is subsequently used, the server SHOULD verify that the client created the handle, that it was created by a method of this interface, and that the handle is appropriate for the operation.