Update: spelling
Greetings
First if you need directions you are going to have to give us more informations:
When you say log in, what kind of login do you mean,

• Login with ssh?
• Login on a web service?

Thanks for your reply. Sorry to hear that your brain is not properly equipped for my needs! (Actually, thanks for taking the time to answer my poorly phrased question in a sensible fashion!).

I replied to jonadab as he rather hit the nail on the head regarding public accessibility of the files. I'd be grateful if you would take a look and let me know what you think about my idea as a workaround, and perhaps see if there is a better way of doing it?

If you are talking about a web(dav) folder on a webserver, I've used TinyAuth with good effect as a minimalistic access control.

My plan to leverage the idea of TinyAuth and to combine it with OAUTH 2 so that people can "log in with Facebook" (etc.) failed because one would have to register every instance of the TinyAuth application with Facebook and all the other suppliers one would want to support. I did not find a convenient way to automate registering an application with all those providers.

What would stop the user from bypassing the authentication by simply not using your Perl interface at all, accessing the files directly with some other software? I'm assuming you have something in mind for this, but I don't know what it is. Are the files encrypted? Owned by root and chmod ugo-rwx? Not stored at all except in process memory? Your Perl interface will need to take this stuff into account and might need to be completely different depending on the answer. One person who already replied is assuming that the data are on a remote server. That would lead to a completely different Perl interface than most of the other cases. We can't really advise you very well on how to do what you want without knowing more about what exactly it is that you want to do.

Thanks, this is a great reply. I'm sorry the question was badly phrased and I'm grateful for the thoughtfulness of most of the responses.

The files are on a remote server and this is for users of a web site. The files are industry specific and not of interest to most of society, but should be kept confidential. Therefore I think a level of obfuscation would be sufficient, rather than a need for high level out and out security.

I have the login and file listing part of the service, and what I'm thinking about doing is creating a cron which periodically creates a new name for the folder, and records it in a db. The loading script uses that record to create the link, and there is a web page or ajax refresh of the links to keep them updated on the page.

I think this would be quite efficient in terms of preventing the file links from being shared between interested parties, however I'm sure that there are probably more efficient processes I could use. I would be interested in knowing yours and other thoughts on this?

have a look at Apache::OneTimeURL as this seems to fit your needs and is quite simpler than what you proposed, you will need an apache server but you wont need a database

In general terms, what is the best way of doing this please?

Just do it

I suppose you work for Nike?

I suppose you work for Nike?

No, I work for you. In general terms the best way to do something is to always just do it. Now you know.