What would happen if local.ini were deleted post-install, and all hardening modifications were to default.ini (as I did for the CORS toggle-flip) ?
> Could we rely on the cluster_setup endpoint to secure the instance? > If that is considered to be the first 'mandatory step' of a live > instance, it would be nice as an almost out-of-the-box secure set up. > (Plus, you can always "curl" the endpoint instead of "perl" the local.ini) > > SSL-only is tricky as the http server can't be deactivated in > local.ini but in default.ini (from memory). >
