Hello,
A friend and I are trying to develop an exchange, at least to learn how it works.
At the moment, we are using bitcoinjs-lib.
1) Does an exchange create a wallet per user? Or does it have a single wallet which makes all transactions?
I don't work at an exchange. However, I can safely tell you that any exchange will not attempt to make a wallet for every user. The sheer amount of resources required will make it unfeasible.
2) If the exchange keeps a wallet per user, how can it protect the user's private key in case of unauthorised access to the database? Encrypting and decrypting it with the user's password is an option, but it implies asking for the password on every transaction.
Regards,
If there is an unauthorised access to the server, the password would probably be captured anyways. In most cases, the funds are sent from a hot wallet that can be refilled from a cold wallet.