README.md in rack-simple_auth-0.0.3 vs README.md in rack-simple_auth-0.0.4
- old
+ new
@@ -27,10 +27,16 @@
## Usage
### HMAC Authorization
+HMAC should be used for communication between website backend and api server/controller/whatever..
+For usage between Server <-> Client a sniffer could easily extract the signature/public key and
+the encrypted message which is for now the same for the same request (see TODO implement timestamp).
+
+With these 2 informations a "secure" backend could be easily seen public...
+
Uses Authorization HTTP Header, example:
```Authorization: MessageHash:Signature```
- Signature is the "Public Key"
- MessageHash is the HMAC encrypted Message
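Review bot: The terminology in this hunk is misleading and should be corrected before it ships: HMAC does not "encrypt" anything, so "MessageHash is the HMAC encrypted Message" should read "MessageHash is the HMAC of the message", and "Signature is the 'Public Key'" conflates an identifier with asymmetric keys; call it the client identifier (or signature) and leave "public key" out. The new warning paragraph is a good addition, but "With these 2 informations a 'secure' backend could be easily seen public..." does not say what the actual risk is; state it plainly: because the header is identical for identical requests, anyone who captures it can replay that request until the timestamp work in the TODO lands, and the header must therefore only travel over TLS. Also fix "2 informations" to "two pieces of information".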
@@ -45,17 +51,18 @@
'PUT' => 'path',
'PATCH' => 'path'
}
map '/' do
- use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config
+ use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config, '/path/to/log/file'
run MyApplication
end
```
Note: Private Key and Signature should be served by a file which is not checked into git version control.
+
#### Config Hash
Via the config hash you are able to define the 'data' for each request method.<br />
This data + HTTP Methodname is your Message what will be encrypted.<br />
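Review bot: The new fourth positional argument in `use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config, '/path/to/log/file'` is introduced here without any explanation in this hunk, and a reader of the Usage section will not know it is optional or what it does until the Logging section further down. Add a short inline comment on that line (for example `# optional: log file for rejected requests`) or a one-line pointer to the Logging section. The note "Private Key and Signature should be served by a file which is not checked into git version control" should also mention the log file path, since per the Logging section that file will receive the expected signature and expected message hash and so needs the same file-permission care as the key material.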
@@ -69,21 +76,34 @@
```ruby
message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
```
+#### Logging
+With the 4th parameter for Rack::SimpleAuth::HMAC you can define a destination where the internal #log method should write to.
+The Logging will only be triggered when a path is defined (leave 4th param for disable logging) and a request is not authorized!
+It contains following information:
+
+- HTTP_AUTHORIZATION Header
+- Config for the specific Request Method (GET => path etc ...)
+- The Encrypted Message which was expected
+- The Signature which was expected
+
+## TODO
+
+Add Timestamp to encryption..
+
+For now a sniffer could track a successfull request to the server and extract the HTTP_AUTHORIZATION HEADER for this request.
+
+He got the encrypted message for the specific request && signature -> No security anymore...
+
## Contributing
1. Fork it ( http://github.com/benny1992/rack-simple_auth/fork )
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create new Pull Request
-
-
-
-
-
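Review bot: The Logging section documents that the log file receives "The Encrypted Message which was expected" and "The Signature which was expected" for every unauthorized request; that means the file contains exactly the header values a client would need to pass authorization for that request, so the section should tell users to restrict read access to the log file and never write it to a world-readable or web-served location. Wording fixes in the same hunk: "leave 4th param for disable logging" should be "omit the 4th parameter to disable logging", "successfull" is misspelled, and "He got the encrypted message ... -> No security anymore..." should be rewritten as a plain statement that the captured header can be replayed. In the TODO, "Add Timestamp to encryption.." should specify that the timestamp has to be part of the HMAC input and that the server must reject requests whose timestamp falls outside an accepted window; a timestamp that is merely sent alongside the header does not stop replay. The removal of the trailing blank lines at the end of the file is fine.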