Since you are using CGI, you may as well use the CGI HTML generating functions, too. 
#!/usr/bin/perl -wT
use strict;
use CGI::Pretty qw( :standard );

my ( $p, $password );

$p="howdy";
$password=param('password');

' Here's where we taint check.  $password is undef
' if it doesn't match the regex
( $password ) = ( $password =~ /^(\w+)$/ );

if (defined $password and $p eq $password) {
    print header,
          start_html( -title   => 'Password Check',
                      -BGCOLOR => 'navy',
                      -text    => 'white' ),
          h1( 'It worked' ),
          hr(),
          br(),
          end_html;
} else {
    print header,
          start_html( -title   => 'Password Check',
                      -BGCOLOR => 'orange' ),
          h1( 'Loser -- Try Again' ),
          hr(),
          br(),
          end_html;
}

[download]
If you enter a valid password, the following is output: 
<!DOCTYPE html
        PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head><title>P
+assword Check</title>
</head><body text="white" bgcolor="navy">
<h1>
        It worked
</h1>
<hr><br></body></html>

[download]
Once you get used to them, they are very handy.

Incidentally, anyone know why <hr> and friends aren't represented as <hr />? I thought those were necessary for valid XHTML (though I know this is transitional, I still thought it was done that way). I am using CGI.pm 2.74.

You questions were:

  1. What are some basic things I can do to make this script more secure?

    Read perlre. You can also read through <shameless plug>this incomplete CGI course</shameless plug> for more information on security.

  2. If need be, would it be wise to use this script on a business web site?

    No. It's a bad security model. See link in question #1 for more info.

  3. Lastly, is it a wise decision to have the actuall password name in the script or should I call it from a txt file (or something else)?

    Read the link that tinman listed. It looked pretty good (though I just scanned it, so take me with a grain of salt).

I hope these comments don't seem discouraging. You're asking the right questions :)

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

In reply to (Ovid - why not use the CGI HTML functions?) Re: CGI Password by Ovid
in thread CGI Password by bmhm

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.