I am using Xampp server on my system and by twiking some PHP.INI settings on Xampp server of my system just discoverd that I can include my php files from my remotely hosted site. Although I could not able to access the variable on remote file however I am still scared that a professional hacker can access those variables. I am scared because url shows the path of the file. I know I can hide the extention of the file using .htaccess but still anyone can guess these file type because there are only few types of server side scripts mostly used by webdevelopers. Please let me know if there is any way to prevent including my server files on remote server or the servers which runs on the same server where my site resides or there is nothing to worry about.