Newbie Question 3: Secure Typo installation

Sorry - more questions from ignorance!

I’m hosting a few typo blogs for fun. I have an ADSL line, a domain
and a spare Mac OS X box. I would like to ensure that I’m not
opening up some nightmare security hole on my network.

  • My db is Postgres which runs under an unprivileged user, u1.

  • My typo install folders are owned by an unprivileged user, u2,
    which also runs my mongrel instances, which listen only on localhost
    defined ports.

  • My apache install runs under an unprivileged user, u3, which
    proxies to the mongrel cluster.

  • My firewall is closed to inbound traffic except for my apache port 80.

Does this sound like a sensible scheme? Any gapingly obvious holes?
Anything else I should be doing? I’m completely not a sysadmin
expert, so I probably can fool around enough to be very dangerous :)

Many thanks,

Nick
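
One way to verify the "localhost only, except port 80" part of the setup described in the post, as an added example that is not part of the original post: the script below parses Mac OS X style `netstat -an` output and reports any TCP listener that is bound to a non-loopback address on a port other than 80. The sample output and the port numbers in it (8000, 8001, 5432) are constructed for illustration.

```python
import ipaddress

# Policy taken from the post: only Apache's port 80 may be reachable from outside.
ALLOWED_PUBLIC_PORTS = {80}

# Constructed sample in the layout printed by `netstat -an` on Mac OS X,
# where the port follows the address after a final dot.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.8000         *.*                    LISTEN
tcp4       0      0  127.0.0.1.8001         *.*                    LISTEN
tcp4       0      0  *.5432                 *.*                    LISTEN
tcp6       0      0  ::1.5432               *.*                    LISTEN
tcp4       0      0  192.168.1.10.80        203.0.113.7.51544      ESTABLISHED
"""

def parse_listeners(netstat_text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header lines and non-TCP sockets
        if fields[5] != "LISTEN":
            continue  # established connections are not listeners
        host, _, port = fields[3].rpartition(".")
        if port.isdigit():
            yield host, int(port)

def is_loopback(host):
    """True only for addresses that are unreachable from other machines."""
    if host == "*":
        return False  # wildcard bind: every interface
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed

def exposed_listeners(netstat_text, allowed=ALLOWED_PUBLIC_PORTS):
    """Return listeners that violate the localhost-only policy."""
    return sorted({(h, p) for h, p in parse_listeners(netstat_text)
                   if not is_loopback(h) and p not in allowed})

if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE):
        print(f"listening beyond localhost: {host}:{port}")
```

In the constructed sample the database is bound to every interface, so it is the one listener reported; the firewall would still block it from outside, but other machines on the local network could reach it.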