BrianPap22

asked on

Securing a Perl login script

I'm not an expert in Perl by any means, but here I went ahead and wrote a tiny login script.  I would like to make the script as secure as possible, both from a malicious user entering in bogus data, and from my own dumb self :)

I have not gotten any responses in the Web Languages - CGI section, so I have no choice but to post a pointer question in the Perl forum (perhaps I should have posted it here in the first place?). Please take a look.  Thank you.

https://www.experts-exchange.com/questions/20944860/Securing-a-Perl-login-script.html
vi_srikanth

Actually you can avoid the for loop.

Change: my @pwfile = <PWFILE>;      to    undef($/); my $pwfile = <PWFILE>;

and then, instead of the for loop place this:

     use Crypt::PasswdMD5 qw(unix_md5_crypt);     # provides unix_md5_crypt()

     if (
          $pwfile =~ m/
               (?:^|(?<=\n))\Q$user\E:     # Line begins with the user name, quoted so any regex metacharacters in it stay literal.
               (\$1\$.{8}\$)               # Capture 1: 12 character salt value, "\$1\$xxxxxxxx\$".
               (.{22})                     # Capture 2: 22 character encrypted password.
               (?=$|\n)                    # Line ends.
          /x                               # comments inside the pattern are interpolated first, so keep bare variables out of them
          && $1.$2 eq unix_md5_crypt($pass, $1)     # When we match $user, check the password.
     )
     {
          print "Authorized...";     # Do some quick/short stuff here.
          exit;                      # No more need to continue the search.
     }


And, regarding this security, you have done it perfectly.  I'm sorry, I don't see a way to improve that.
Dave Cross
You should never change one of Perl's internal variables (like $/) without localising it first.

my $pwfile = do { local $/; <PWFILE> };

Dave...
BrianPap22 (asker)

Ah well, the script runs rather well as it is right now.  I made a dummy sample "database".  One run takes less than 0.01 seconds.  I looped it and ran it 1000 times and it ran in 0.39 seconds...so no worries about efficiency at this point. Security is numero uno here.
The main thing that I would change is to put the passwords file in a directory that is not web accessible.  Personally I would put it in a subdirectory of the ~, where the scripts are in a different sub-directory.  I would make sure that the sub is not accessible.
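As an added example that is not code from the thread, here is a self-contained Perl check that applies the points raised above: the passwords file kept outside the web root, the user name validated before the lookup so it never has to be interpolated into a regex, and the stored "$1$salt$hash" record compared against unix_md5_crypt output. The Crypt::PasswdMD5 module, the placeholder path, and the sample records and passwords are assumptions of this example.

```perl
# Added example, not code from the thread. Requires Crypt::PasswdMD5
# (provides unix_md5_crypt); path, records and passwords are constructed.
use strict;
use warnings;
use Crypt::PasswdMD5 qw(unix_md5_crypt);

# Keep the password file outside the document root, e.g. next to cgi-bin
# rather than inside it, so the web server can never serve it directly.
my $PWFILE = '/home/site/private/passwd';   # placeholder path

# Accept only a conservative user name so untrusted input never reaches the
# file lookup unchanged (and never needs to be interpolated into a regex).
sub clean_user {
    my ($raw) = @_;
    return undef unless defined $raw && $raw =~ /\A([a-z][a-z0-9_-]{0,31})\z/;
    return $1;
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length $x == length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Read "user:$1$salt$hash" records from $fh; return 1 if $user/$pass match one, else 0.
sub check_login {
    my ($fh, $user, $pass) = @_;
    $user = clean_user($user);
    return 0 unless defined $user && defined $pass;
    while (my $line = <$fh>) {
        chomp $line;
        my ($name, $stored) = split /:/, $line, 2;
        next unless defined $stored && $name eq $user;
        # Stored value must be "$1$", an 8 char salt, "$", then a 22 char hash.
        my ($salt) = $stored =~ /\A\$1\$([^\$]{8})\$.{22}\z/ or return 0;
        return constant_time_eq(unix_md5_crypt($pass, $salt), $stored);
    }
    return 0;   # user absent or file unreadable: deny without saying which
}

# Constructed demo: two records served from an in-memory filehandle instead of $PWFILE.
my $demo = "alice:" . unix_md5_crypt('correct horse', 'abcdefgh') . "\n"
         . "bob:"   . unix_md5_crypt('swordfish',     'hgfedcba') . "\n";
for my $try (['alice', 'correct horse'], ['alice', 'wrong'], ['Al;ce', 'x']) {
    open my $fh, '<', \$demo or die "cannot open in-memory file: $!";
    printf "%-6s %-14s => %s\n", @$try, check_login($fh, @$try) ? 'accept' : 'deny';
}
```

In the real script, open $PWFILE with a three-argument open and pass that handle to check_login in place of the in-memory one.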