I'd do something similar to what TedPride suggests (I agree that there's no need to involve a DBMS in this), except that I'd make a subroutine for the purpose of computing $hash, since the code will need this computation at least at two different places in the program: 1) to create the $hash, and 2) to test that the $hash and $exp parts of a requested URL match. Also, instead of having $url point to a regular HTML page, I'd make it point to a CGI script that served the page if requested before the URL-encoded expiration date.

Alternatively, you could devise a simple encoding/decoding scheme to encrypt or at least obfuscate the expiration time. Here's one.

package My_Enc_Dec;
use strict;
use warnings;
use base 'Exporter';
our @EXPORT_OK;

{
  my $passphrase;
  BEGIN { $passphrase = 'choose something better'; }
  use Crypt::RC4;
  use MIME::Base64;

  push @EXPORT_OK, 'enc';
  sub enc {
    ( my $ret = encode_base64( RC4( $passphrase, shift ))) =~ s/==\n$/
+/;
    return $ret;
  }

  push @EXPORT_OK, 'dec';
  sub dec {
    return RC4( $passphrase, decode_base64( shift ));
  }
}

1;
__END__
# ............................................................
# link-generating code
use strict;
use warnings;
use My_Enc_Dec 'enc';
my $url  = 'http://www.domain.com/cgi-bin/fetch.pl';
my $exp  = enc( time + 60*60*24 );
my $link = "$url?$exp";

# ............................................................
#!perl
# fetch.pl
use strict;
use warnings;
use CGI;
use My_Enc_Dec 'dec';

my $exp = dec( param( 'keywords' ) );
time <= $exp or have_a_cow();
[download]

This particular encoding/decoding scheme is not necessarily the best (on the one hand, it may be overkill as far as obfuscating the expiration time goes, and on the other, you may be able to find a enc/dec module in CPAN that provides both adequate encryption/obfuscation and nice alphanumeric output in one swoop), but it gives you an idea of a general approach.