Sunday, 23 November 2008

Joomla 1.5 ACL explained

Mon 24 Nov 08 00:00 | Joomla GPS | Brian Teeman

Despite claims to the contrary, Joomla 1.5 does have an ACL system. It may be rudimentary, but when fully understood it can be very useful.

To help you I've created a simple table with an overview of who can do what.

NOTE to the accessibility mafia - yes, it's a table. This is an example of the correct use of a table as it is presenting tabular data. In addition, the table has been created with header and id attributes to aid screen readers.

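Joomla ACL explained

Front-end Groups: Un-registered, Registered, Author, Editor, Publisher
Back-end Groups: Manager, Administrator, Super-Administrator

| Action | Un-registered | Registered | Author | Editor | Publisher | Manager | Administrator | Super-Administrator |
|---|---|---|---|---|---|---|---|---|
| View "public" content | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| View "registered" content | - | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| View "special" content | - | - | Yes | Yes | Yes | Yes | Yes | Yes |
| Create new content | - | - | Yes | Yes | Yes | Yes | Yes | Yes |
| Edit own content | - | - | Yes | Yes | Yes | Yes | Yes | Yes |
| Edit all content | - | - | - | Yes | Yes | Yes | Yes | Yes |
| Publish new content | - | - | - | - | Yes | Yes | Yes | Yes |
| Access the Administrator page | - | - | - | - | - | Yes | Yes | Yes |
| Create new users | - | - | - | - | - | - | Yes | Yes |
| Install extensions | - | - | - | - | - | - | Yes | Yes |
| Change the template | - | - | - | - | - | - | - | Yes |
| Change site settings | - | - | - | - | - | - | - | Yes |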

This chart is also available in Italian at www.joomla.it




Joomla Security Alert!!

Sun 23 Nov 08 23:04 | Joomla GPS | Brian Teeman

It should be obvious, but it seems that people need a reminder.

You should only ever download files from their original source!! If you don't, how will you ever be certain that what you are downloading is the real deal and doesn't have some hidden backdoor?

Not long ago a new version of WordPress was released at www.wordpresz.org, which wasn't actually the real deal.

Don't fall into the same trap!

Luckily, if for any reason you have downloaded Joomla from somewhere other than the official site, you can do an MD5 check on the download and compare it with the master MD5 list at joomla.org.

Phil Taylor today provides a helpful guide to checking the MD5 at his blog.

As Phil mentions, many of us, including all my Debian friends, have long advocated the GPG signing of Joomla and its extensions.

With GPG keysigning you can not only confirm that the file you are downloading is the "real deal" and has not been tampered with, you can also create a circle of trust.

I should add that even if you are downloading a file from a "trusted source" you should still check the MD5. I have seen a trusted source get hacked and its master files modified without the site owner's knowledge. Fortunately that site owner published the MD5 so it was quickly detected.
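The MD5 check described above can be scripted. The following is an added example, not code from the original post or from the Joomla project. It assumes the master list uses the common `digest  filename` layout (the post does not show the real list format), and the file name and list contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=65536):
    """Hash the file in chunks so large archives are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_list(text):
    """Parse 'digest  filename' lines; skip blank lines and # comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries


def verify_download(path, checksum_list, algorithm="md5"):
    """Return 'ok', 'mismatch' or 'unlisted' for the file at path."""
    expected = parse_checksum_list(checksum_list).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # not in the master list: treat as unverified
    return "ok" if file_digest(path, algorithm) == expected else "mismatch"


def demo():
    """Constructed sample: a stand-in package, its listed digest, then a change."""
    with tempfile.TemporaryDirectory() as d:
        pkg = os.path.join(d, "example-package.zip")  # hypothetical file name
        with open(pkg, "wb") as fh:
            fh.write(b"original release contents")
        master = "# constructed list\n%s  example-package.zip\n" % file_digest(pkg)
        before = verify_download(pkg, master)
        with open(pkg, "ab") as fh:
            fh.write(b"extra bytes")  # simulate a modified archive
        return before, verify_download(pkg, master)


if __name__ == "__main__":
    print(demo())
```

A match only shows that the file agrees with the list, so the list itself has to come from the official site rather than from wherever the download came from. MD5 is no longer collision-resistant, so pass `algorithm="sha256"` when the publisher also offers a SHA-256 list.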