I am creating stock exchange site. and there is very important information will save in database. so as my title my question is How can i protect my database from Hack? Is there any way to create automatiç backup of every change in databse
In most cases the database can get hacked through unsecured queries called from your scripting language. Treat any data coming from the user as tented.
Well, it's very relative to the programming of the site. Take a look at mysql injection for more info as that is the most common method.
give more info what kind of database? each database have it's own tricks depending on your specific needs... what you just asked is general and it depends on many factors and what really you are protecting? a field in database or table or something like that more info will help to give you a better answer
use PDO binded parameters. you shouldn't create a stocks exchange website with sensitive data without having security concepts though.
Well each database has its own methods and ways, therefore, you need to understand them first. Use session handling feature, if it works.
set the password of the database and create the time session of query index or set SSL certificate on your website
You can schedule daily backups of your databases. To protect your database you must make sure that the queries you send to database are not hackable. It means that when you take user input and use that in a query ( like search etc), then the user is not entering something that can be used to manipulate your database. ESCAPE the data that you use in a query specially if it's coming from a form or querystring. ( "addslashes" is one way ). Take care
Web security is a very complex and intricate thing. If you want to do it right, then consider the following: — Read security guidelines. There are plenty of them, just google. — Actually keep in mind and apply every single thing from these guidelines while developing your website. — Order a security audition of your website and follow their recommendations.
Use --skip-networking for mysql to disable remote connections It will then be restricted your IP itself