Thanks, this is a great reply. I'm sorry the question was badly phrased and I'm grateful for the thoughtfulness of most of the responses.
The files are on a remote server and this is for users of a web site. The files are industry specific and not of interest to most of society, but should be kept confidential. Therefore I think a level of obfuscation would be sufficient, rather than a need for high level out and out security.
I have the login and file listing part of the service, and what I'm thinking about doing is creating a cron which periodically creates a new name for the folder, and records it in a db. The loading script uses that record to create the link, and there is a web page or ajax refresh of the links to keep them updated on the page.
I think this would be quite efficient in terms of preventing the file links from being shared between interested parties, however I'm sure that there are probably more efficient processes I could use. I would be interested in knowing yours and other thoughts on this?