I want to use PostgREST. It looks like it will save me a lot of time. I am worried about the security issues. If anybody has ideas for this, it would be very helpful for me.
You don't need to protect PostgREST from SQL injection since it sanitises all user input. We also ran an automated SQL injection detection tool against PostgREST and it did not detect anything.
If you still feel uneasy, you can use a WAF solution like https://github.com/p0pr0ck5/lua-resty-waf