I want to build a smart contract function, which use caller's password as params. I have no knowledge about blockchain security, so I ask the following question:
When calling a smart contract function, do the params record on blockchain?
Further more, what information will record in blockchain if an address calls a function of a smart contract? I think the logs emit by the events must record on blockchain, besides these, anything more? I've learned before that a contract address calling leaves logs on blockchain, but an account address(EOA) calling doesn't. Is it true?
Function parameters are part of the transaction, which is part of the calldata. So calldata is also persisted. Eventhough it is persisted, that doesn't mean it is easily available. Calldata is not indexed, and is not available at runtime. But the data is available to the nodes (for sure to those who runs full node, not sure about the light nodes).
Calldata can be accessed by running a localnode, which means it is not available for any functions at runtime, the only calldata that is available at runtime is the parameters for that particular transaction.
So, if you call a function with a password parameter, someone somewhere can see it for sure.