in reply to Re: CGI and saving passwords
in thread CGI and saving passwords
> No matter how you slice it, your apache process must be able to read the passwords to verify them. And it must be able to read your script. So even if you encrypt your passwords to protect them, the bad guys can just read your script, and use that to decrypt the passwords.

No, passwords can be "encrypted" with a one-way hash function, like crypt(3) or MD5. That's how the Unix /etc/passwd file works. The plaintext password is hashed and compared with the stored encrypted password.
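The hash-and-compare check described in the reply above, as an added Perl sketch that is not code from the thread. It assumes a glibc-style crypt(3) that accepts the `$6$` (SHA-512) prefix and a readable /dev/urandom; the sub names and the sample password are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Random 16-character salt drawn from the 64-character crypt(3) alphabet.
# Assumption: /dev/urandom is available (Linux/BSD).
sub make_salt {
    my @alphabet = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return join '', map { $alphabet[ ord($_) % 64 ] } split //, $bytes;
}

# One-way hash for storage. Only this string is written to the password
# file; the script holds no key that could turn it back into plaintext.
sub hash_password {
    my ($plain) = @_;
    my $hash = crypt($plain, '$6$' . make_salt() . '$');
    die "crypt(3) on this system does not support \$6\$\n"
        unless defined $hash && $hash =~ /^\$6\$/;
    return $hash;
}

# Comparison that does not stop at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1)
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Re-hash the submitted password with the salt embedded in the stored
# hash, then compare the two hashes. Nothing is ever decrypted.
sub verify_password {
    my ($plain, $stored) = @_;
    my $candidate = crypt($plain, $stored);
    return defined $candidate && same_string($candidate, $stored);
}

# Constructed sample data, not taken from the thread.
my $stored = hash_password('correct horse');
print "stored:      $stored\n";
printf "good login:  %s\n", verify_password('correct horse', $stored) ? 'accepted' : 'rejected';
printf "bad login:   %s\n", verify_password('wrong guess', $stored) ? 'accepted' : 'rejected';
```

Someone who can read both the script and the stored value learns the salt and the algorithm, but still has to guess candidate passwords and hash each one to find a match.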