You may want to limit the power of your custom handler. To do this, you can incorporate code that diminishes its power by, for example, impersonating a Windows NT® account that has fewer permissions.
One way to accomplish this is to implement your handler (COM object) as a Microsoft Transaction Server (MTS) object. In addition to providing support for database transactions, MTS also can act as a process manager for in-process COM objects. You can use MTS to specify that your object is always to run under a specific Windows NT security account – one that has sufficiently low privileges for your application.