in reply to Password Authentication Module
Is there a commonly-used way to password-protect a CGI program other than using a .htaccess file? I have written a Perl program to update a MySQL database. Authorized, non-technical users will be the users. Because maintaining .htaccess files is a bit of a pain (no easy way to change or reset passwords), I'd like to try something different.
If you let Apache do the authentication and authorization, your CGI app has a lot less to think about and is generally going to run faster (always a plus when dealing with vanilla CGI). Apache can be made to use DBM files and even MySQL tables instead of flat text files. The Apache module that uses MySQL tables is mod_auth_mysql.
The problem with this approach is that every time a user wants a restricted page, the auth/authz phase has to frob the DB server again. If you have a busy site, this will become a bottleneck for you. At that point, you should look into a ticket-based authentication system that only queries the DB once per session and uses HTTP cookies for authentication in subsequent requests. There is a mod_perl solution available on CPAN that I recommend for this very purpose called Apache::AuthCookie.
In general, if Apache gives you functionality for free, it's best to figure out how to leverage that. Not only will you get better performance, you're likely to encounter fewer bugs (freeing you to create new ones in your own code :-).
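The ticket idea mentioned in the reply above, as an added example that is not part of the original post and is not Apache::AuthCookie's API: the password is checked against the DB once, and later requests are authenticated by verifying an HMAC-signed, expiring cookie value with no DB query. The function names, the `user|expires|mac` ticket format, the secret and the 30-minute lifetime are all assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions: the secret lives in protected server config; 30-minute lifetime.
my $SECRET = 'constructed-demo-secret';
my $TTL    = 1800;

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Called once per session, after the password was checked against the DB.
# Send the result as a cookie with the Secure and HttpOnly attributes.
sub issue_ticket {
    my ($user, $now) = @_;
    die "bad username\n" unless $user =~ /\A[A-Za-z0-9_.-]{1,64}\z/;
    my $expires = $now + $TTL;
    return join '|', $user, $expires, hmac_sha256_hex("$user|$expires", $SECRET);
}

# Called on every later request; no DB query needed.
# Returns the username, or undef for a malformed, forged or expired ticket.
sub verify_ticket {
    my ($ticket, $now) = @_;
    return undef unless defined $ticket
        && $ticket =~ /\A([A-Za-z0-9_.-]{1,64})\|(\d{1,12})\|([0-9a-f]{64})\z/;
    my ($user, $expires, $mac) = ($1, $2, $3);
    return undef unless ct_eq($mac, hmac_sha256_hex("$user|$expires", $SECRET));
    return undef if $now > $expires;
    return $user;
}

# Constructed demo values.
my $now    = 1_700_000_000;
my $ticket = issue_ticket('alice', $now);
(my $forged = $ticket) =~ s/\Aalice/admin/;
printf "valid:   %s\n", verify_ticket($ticket, $now + 60)       // 'rejected';
printf "forged:  %s\n", verify_ticket($forged, $now + 60)       // 'rejected';
printf "expired: %s\n", verify_ticket($ticket, $now + $TTL + 1) // 'rejected';
```

A stateless ticket like this cannot be revoked before it expires, so password resets or account removals only take effect once the ticket lifetime has passed unless the server also keeps per-user state.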