One thing you are not doing is using any type of locking in this module. This can present a race condition if more than one instance of this script is running at the same time. This can be a common mistake, and may not be so horrible when this wipes out someones hit counter, but a password file is something different. Take a look at MJD's Perl Hardware Store talks at http://conferences.oreilly.com/cd/perl3/presentations/mdominus/HARDWARE1/slide020.html (and a few slides after that one).

You may also want to consider having the module import and use some of the methods from Apache::Htpasswd, which already has a locking scheme.

Another possible problem is that you do not re-read the password file before writing it. If you script opens the file, and while it does other things another process writes to the file, you will wipe out whatever changes were made. The DESTROY function should only change what is needed, as opposed to writing out whatever you have saved. Consider this:

• * Tie::Htpasswd reads in the file data in TIEHASH
• * someone runs htpasswd and adds a new user or two
• * Tie::Htpasswd::DESTROY() is called, and rewrites the file with the data based on what was read in in TIEHASH.
• * Data is now not what it should be.