Hiding Sensitive Information in Perl Code
garfvader
01-27-2004, 07:15 PM
Here's my problem.
I have a perl script that is accessing a file of encrypted passwords and usernames and then checks a login and password to this file to see if there's a match.
My problem is that this file of encrypted usernames is sensitive information obviously.
I have a line that is something to the effect of:
open(FILE, "</dir/dir/passwordfile");
which gives anyone who looks at the code perfect knowledge of where the file is.
Is there some way that I can obscure or hide this information so that the perlscript can run but I don't have to refer to the direct location of this file??
You would normally put the cgi file in an 'alias' or 'virtual' folder ... normally called 'cgi-bin' on your server. This folder actually lives 'above' the root and thus is inaccessible via a browser. Ask your hosters to confirm this folder (or one like it) exists.
You would refer to myfile.cgi on your website by:
http://www.mysite.com/cgi-bin/myfile.cgi
If someone typed the above into a browser, (s)he should be denied access (confirm this with your hosters as well).
But, anyway, if your script was in any folder, typing the filepath into the browser will display the result of the script, not the script itself. Ditto if they looked in their cache.
garfvader
01-28-2004, 02:14 AM
Well it's not really the cgi that I'm trying to hide. It's the password file that the cgi is having to refer to. The problem is that this cgi exists on a university server. That means that any other person with an account on this server could potentially read this cgi. That means that anyone that can read the code of the cgi could find out the location of the password file. Yes the passwords are encrypted and it would require brute force hacking to get any passwords but in my experience, many students tend to use easily hacked passwords so having the password file easily found is a bad thing.
So what I'm trying to figure out is if there's a way for my cgi to read data from the password file while keeping the location of the password file a bit more discreet.
I don't think you're going to succeed. Nothing on the web is completely secure.
Any method, including the one I described, could be hacked by someone determined enough.
Is there some other server, other than the university one, on which you could put the cgi and password files?
Or what about a database ... that's a bit more secure.
Scriptage
01-28-2004, 06:38 PM
so everyone with an account has read / write / execute on the server? That is highly insecure; think of the damage people can do just with a delete key!
I'd have a word with the network team and get them to change the file permissions on the server.
If you can't get the server's file permissions changed then there is no secure way to do what you want.
garfvader
01-28-2004, 10:35 PM
Hehe no they definitely don't have write access to the server but obviously they have to have read access or at the very least the web daemon has to have read access.
The problem is that the project is for the university itself so it has to be on the university server. And of course there are 2000+ students with accounts at this university as well. And therein lies the rub. Actually the accounts are not on the web server but the web directories are mounted on the student server so they and faculty and such can publish webpages for their departments and whatnot.
Scriptage
02-01-2004, 03:25 PM
ok so...
Put this code on the server and run it.
This will create a database that only the server has permission to view, so I think this should stop students from being able to copy it or view it.
You connect to it by a hash as shown below.
#!/usr/bin/perl -w
use strict;
# Create (or open) the DBM file 'passfile' with mode 0700, so only the owning user can read it
dbmopen(my %passwords, 'passfile', 0700) || die "Cannot create database: $!";
# Store the crypt() hash of the password; '9f' is the two-character salt
$passwords{'scriptage'} = crypt('password','9f');
dbmclose(%passwords);
If you want I have a username / password engine that I created a while ago that makes it really easy to use a dbm file for passwords. If you want it I'll post it.
Regards
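A login check against the DBM file that Scriptage's snippet creates, as an added example that is not part of the thread: it refuses to run if the credential file is readable by anyone other than its owner, and compares a submitted password with the stored crypt() hash. The file name 'passfile', the user names and the permission check are assumptions, not something the thread specifies.

```perl
#!/usr/bin/perl -w
# Added example (not from the thread): verify a login against the DBM file
# created by Scriptage's snippet, and refuse to run if that file is readable
# by anyone other than its owner. 'passfile' and the user names are assumed.
use strict;
use Fcntl qw(:mode);

my $dbfile = 'passfile';   # assumed: same base name as in Scriptage's post

# The location of the file is not the secret; its permissions are. Die if
# the stored credentials are group- or world-readable (or writable).
sub check_perms {
    my ($base) = @_;
    # DBM backends store the data as 'passfile', 'passfile.db' or 'passfile.pag'/'.dir'
    my @files = grep { -e } ($base, "$base.db", "$base.pag", "$base.dir");
    die "No DBM file found for $base\n" unless @files;
    for my $f (@files) {
        my $mode = (stat $f)[2];
        die "$f is accessible by others; fix with chmod 600\n"
            if $mode & (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
    }
    return 1;
}

# Compare a submitted password with the stored crypt() hash. The stored hash
# is passed as the salt, so crypt() reuses the same two-character salt ('9f').
sub check_login {
    my ($user, $plain) = @_;
    check_perms($dbfile);
    # MODE undef: open an existing database only, never create one here
    dbmopen(my %passwords, $dbfile, undef)
        or die "Cannot open password database: $!";
    my $stored = $passwords{$user};
    dbmclose(%passwords);
    return 0 unless defined $stored;          # unknown user name
    return crypt($plain, $stored) eq $stored ? 1 : 0;
}

# Constructed usage: the first call matches the entry Scriptage stored, the second does not
print check_login('scriptage', 'password'), "\n";
print check_login('scriptage', 'wrong'), "\n";
```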