Interesting project...
I have only just started tinkering with WP code, and just from quickly reading the docs and playing with the source for the last 45 minutes, I would say it's possible but would require some interesting workarounds.
1. Files do not appear to be stored in the database but instead in publicly accessible folders, wp-content/uploads to be exact.
2. WP has quite an extensive API so one should be able to call:
- is_user_logged_in()
- wp_get_current_user()
- auth_redirect()
Assuming one of the API functions returns the user ID of the currently logged in individual -- which I am willing to bet one does.
This code would be relatively trivial to implement in the template using the above API. The problem is, the files are publicly available/accessible so anyone could access that file.
I see two ways around that:
1. Each page/post would have its associated owner and would need to use a template with a list of client IDs allowed to access the content and attached files. Because files need to be publicly accessible (otherwise they would have to log in again with .htaccess) you could maybe use random names which are not easily guessed or copied.
This is of course not bulletproof because if Apache is configured to show directory listings and the directory doesn't have an index.html your files are shown anyways.
2. The better approach but more difficult would be to .htaccess the directory and use a proxy script to actually fetch the files and have the same checks as the template does to verify that the file is allowed to be viewed by allowed members only.
Here is the problem with the above approach. When you insert the link to the file using the image browser, the files are accessed via HTTP, so the .htaccess login prompt would be visible. You would need to hack WP to use the proxy script as well, and then the checks are unnecessary from the admin backend. But you could probably avoid hacking WP actually by using some mod_rewrite trickery to have requests forwarded to the proxy.
Then you could check to see if the user logged in is admin in which case checks are ignored...and the file is simply returned.
Hmmm...yea sorry for babbling...just putting it out there. If anyone has any critique for my approach and its validity I'd love to hear it...as I begin to poke around the WP codebase.
Cheers :)
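
An added sketch of the proxy-script idea (approach 2) from the post above, with the admin bypass it mentions; this is example code, not part of the original post and not WordPress's own. The script name `file-proxy.php`, the rewrite rule in the comment, the `$acl` map with its sample entry, and the use of the `manage_options` capability as the admin test are all assumptions.

```php
<?php
// file-proxy.php -- hypothetical name, placed in the WordPress root directory.
// Assumed rule in the root .htaccess so upload URLs are served by this script:
//   RewriteEngine On
//   RewriteRule ^wp-content/uploads/(.+)$ /file-proxy.php?f=$1 [L]
require __DIR__ . '/wp-load.php'; // boot WordPress so its API is available

// Constructed sample ACL: path relative to uploads => user IDs allowed to read it.
$acl = array(
    '2024/01/contract-acme.pdf' => array(12, 15),
);

if (!is_user_logged_in()) {
    auth_redirect(); // redirects to the login page and exits
}

$uploads  = wp_upload_dir();
$base     = realpath($uploads['basedir']);
$relative = isset($_GET['f']) ? ltrim((string) wp_unslash($_GET['f']), '/') : '';
$path     = realpath($base . '/' . $relative);

// realpath() resolves "../" and symlinks; refuse anything that ends up
// outside the uploads directory or that is not a regular file.
if ($base === false || $path === false || !is_file($path)
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    status_header(404);
    exit;
}

// Look the file up by its canonical path, not by the raw request string.
$key      = ltrim(str_replace(DIRECTORY_SEPARATOR, '/', substr($path, strlen($base))), '/');
$user     = wp_get_current_user();
$is_admin = current_user_can('manage_options'); // assumed admin test
$allowed  = isset($acl[$key]) && in_array((int) $user->ID, $acl[$key], true);

if (!$is_admin && !$allowed) {
    status_header(403); // files with no ACL entry are denied by default
    exit;
}

$type = wp_check_filetype($path);
header('Content-Type: ' . ($type['type'] ? $type['type'] : 'application/octet-stream'));
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
exit;
```

Because the rewrite sends every upload URL through the script, links inserted by the image browser keep working for admins without changing WordPress itself.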