To really protect those documents, you'll probably
need to basically re-authorize the user on each
request. You can either roll your own
authentication, or you can use the HTTP basic
If you choose the former, you'll probably want to
have a login screen; then authenticate the user,
set a cookie, and let the user view the documents.
On each request for a document, check for the
authentication cookie: if it exists, let the user
view the doc; if it doesn't exist, make the user
log in again.
If you choose to go with basic authentication,
you'll want to authenticate out of your database,
since you already have the username/password
info in there. Check out Apache::AuthDBI (on
CPAN) for doing basic authentication out of
a database for which you have a DBI driver.