The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/10/bug-reporting.html
Description:
pg_stat_statements is recording passwords also, is there any way to avoid
the logging of passwords without droping extension package.
testdb=> create user test1 with password 'test123';
CREATE ROLE
testdb=> create user test2 with encrypted password 'test123';
CREATE ROLE
test=> select query from pg_stat_statements where query like '%test%';
query
-----------------------------------------------------------
create user test1 with encrypted password 'test123'
create user test2 with password 'test123'
edbss=> drop extension pg_stat_statements;
DROP EXTENSION
