While reading the Traning Guide for exam 70-536, written by Tony Northup and friends, I came across the following:
CAUTION - Avoid EventLog objects in partial trust environments
Using EventLog objects in a partial trust environment can cause serious security holes and should be avoided, if at all possible
He basically points out that since EventLogPermission is required for a lot of use of EventLog, this could open up a serious security vulnerability. Erroneous code executed with the permission provided may, for example, disable antivirus programs or spyware detection programs, but make it appear as if it still works. "The potential is endless."
Is this a serious problem?
source
share