Re: Redact user password on pg_stat_statements

> What about a more general solution, such as a flag to turn off logging of ALTER ROLE statements completely?

IMO, flags for a specific type of utility statement seems way too much
for pg_stat_statements, and this will also not completely prevent leaking
plain text passwords from all ways that CREATE/ALTER ROLE could be
run, i.e. DO blocks, inside functions/procs with track=all.

The clients that set passwords could simply turn off track_utility
on a user/transaction level while they are performing the action with
sensitive data.

--
Sami
Amazon Web Services (AWS)