Achernar - 6:50 pm on Mar 13, 2008 (gmt 0)

The address might be faked ... faked by the user, therefore user-supplied. Do yourself a favor and treat it as such.

Fake IP. So what? It would still be available in this form. It is extracted by apache from the network layer. There is no danger at all to display it, or store it as-is in a database.

This is not entirely true. But don't feel bad

I don't feel bad. I know perfectly well that this option can be activated by other settings. The point is that we were not discussing apache configuration.