Have both the script and the program construct a unique string by combining the time, details of the request, and a hidden password. Then use Digest::MD5 to produce an encrypted signature for that string. Have the client send that signature in the request. Have the server check the signature and refuse to do anything if it doesn't match.

If you make the timestamp have a high resolution (like down to the second), then the server should check several possible seconds for a match, to take into account the possibility of the request taking time, or the two clocks not matching perfectly.

You might also want to use https for further privacy.