If you want to hide the specific contents of the parameters, then just don't send them. Create an opaque token (say a random sequence of digits, or run the serialized contents of the real parameters through Digest::SHA1) and send the token back as the sole parameter. Then map that token back to the information on the server side and process it as needed.