Newbie Question 3: Secure Typo installation

Sorry - more questions from ignorance!

I’m hosting a few typo blogs for fun. I have an ADSL line, a domain
and a spare Mac OS X box. I would like to ensure that I’m not
opening up some nightmare security hole on my network.

  • My db is Postgres which runs under an unprivileged user, u1.

  • My typo install folders are owned by an unprivileged user, u2 ,
    which also runs my mongrel instances, which listen only on localhost
    defined ports.

  • My apache install runs under an unprivileged user, u3, which
    proxies to the mongrel cluster.

  • My firewall is closed to inbound traffic except for my apache port 80.

Does this sound like a sensible scheme? Any gapingly obvious holes?
Anything else I should be doing? I’m completely not a sysadmin
expert, so I probably can fool around enough to be very dangerous :slight_smile:

Many thanks,