mercurus has asked for the wisdom of the Perl Monks concerning the following question:

G'day all, I am looking at creating a members section of a website, with access restricted by username:password pairs stored in a .htpasswd file. I want to have quite a few users eventually that can add themselves to the database and then log in straight away.

How can I interface perl with the .ht files securely? i.e. since perl runs as a normal user, the .htpasswd will have to be updated by the normal user. I want it to be updateable but not viewable (for obvious reasons).

How would I go about interfacing the two? Someone has obviously done it before, any code examples? Generally helpful links? Tips or tricks?

Cheers in advance,
mercurus

Re: Interfacing perl with .htaccess and .htpasswd files...
by Anonymous Monk on Jun 14, 2002 at 07:23 UTC

    I've used HTTPD::UserAdmin and the User Manage CGI it comes with quite successfully in the past, but a quick peek on CPAN turns up Apache::Htpasswd as another candidate.

    As for "updateable but not viewable", a good practice is to locate the .htpasswd file outside your HTML tree so it can't be accessed directly with a web browser.

        --k.


      Going slightly offtopic however... Apache at least can (and should) be configured to deny viewing of .ht* files. The apache httpd.conf (or your local over-ride if allowed) needs a section like

      <Files ~ "^\.ht">
          Order allow,deny
          Deny from all
      </Files>

      Which disallows download (view) of all files beginning with .ht. See Module mod_access for more information.

      --
      my $chainsaw = 'Perl';
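
An added example, not code from any poster in this thread: a self-registration helper built on Apache::Htpasswd, the module named in the reply above. It keeps the password file owner-only for the uid the script runs as and rejects usernames that would break the `user:hash` line format. `register_user` is a hypothetical helper, the inputs are constructed, and Crypt::PasswdMD5 is assumed to be installed for the `UseMD5` option.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Apache::Htpasswd;
use File::Temp qw(tempdir);

# Add a self-registered user to an htpasswd file; returns (ok, message).
sub register_user {
    my ($file, $user, $pass) = @_;

    # ':' or a newline in the name would break the one-line "user:hash"
    # format and could smuggle in a second account, so allow-list instead.
    return (0, 'invalid username')
        unless defined $user && $user =~ /\A[A-Za-z0-9_.-]{1,32}\z/;
    return (0, 'password too short')
        unless defined $pass && length($pass) >= 8;

    # Create the file owner-only if it does not exist yet.
    unless (-e $file) {
        my $old = umask 0077;
        open my $fh, '>>', $file or return (0, "cannot create file: $!");
        close $fh;
        umask $old;
    }
    # Refuse to use a file that group or others can read or write.
    my $mode = (stat $file)[2] & 07777;
    return (0, sprintf('unsafe mode %04o', $mode)) if $mode & 0077;

    # UseMD5 writes Apache's MD5-based hashes instead of crypt() hashes.
    my $ht = Apache::Htpasswd->new({ passwdFile => $file, UseMD5 => 1 });
    # Without the overwrite option, htpasswd() fails for an existing user.
    $ht->htpasswd($user, $pass) or return (0, $ht->error);
    return (1, 'added');
}

# Constructed demo input, run against a throwaway file.
my $file = tempdir(CLEANUP => 1) . '/.htpasswd';
for my $try (['alice', 'correct horse battery'],
             ['alice', 'another password'],       # duplicate name
             ["eve:x\nadmin", 'long enough pw'],  # line injection attempt
             ['bob', 'short']) {                  # weak password
    my ($ok, $msg) = register_user($file, @$try);
    (my $shown = $try->[0]) =~ s/\n/\\n/g;
    printf "%-14s %s (%s)\n", $shown, $ok ? 'OK' : 'REJECTED', $msg;
}
```

In a real deployment the path would point outside the document root, as suggested above, rather than at a temporary directory.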

Re: Interfacing perl with .htaccess and .htpasswd files...
by cLive ;-) (Prior) on Jun 14, 2002 at 07:13 UTC
    Errr, CPAN - and right here in the monastery.

    hint - there's a little box at the top of the page with the word search after it. It's amazing what you can find if you type words like htaccess or htpasswd in it.

    cLive ;-)

    Update: Sorry if this sounds rude - just noticed this was your first post, so pretend the tone above is a little friendlier :) But please, use search before posting, and use Super Search as well (hidden away under the Leftovers heading on the right hand bar)

    --
    seek(JOB,$$LA,0);

Re: Interfacing perl with .htaccess and .htpasswd files...
by Abigail-II (Bishop) on Jun 14, 2002 at 09:51 UTC
    since perl runs as a normal user

    Eh? Why are you doing that? perl ought to run as the same uid as the webserver runs under. Is your script setuid? You shouldn't be doing that.

    Abigail