callerprovided

Callerprovided refers to data, parameters, or values that originate from the caller (the client or user) rather than the server or system. In software development, distinguishing caller-provided data from server-generated data helps clarify trust boundaries and processing requirements. A field or flag named callerProvided (often seen in APIs, JSON payloads, or configuration objects) indicates that the corresponding value is supplied by the client and should be treated as user input and thus potentially untrusted.

Usage often involves accompanying values that the server should not assume to be correct or safe. The server should validate, sanitize, and possibly reject data that does not meet required constraints. Examples include user-submitted form data, client-specified configuration options, or a policy or record provided by the caller. In some protocols, a boolean callerProvided may indicate whether a given value was supplied by the caller or generated during processing.

Security considerations are central to caller-provided data. Because such data can be malicious, all input should be validated, checked against a schema, normalized, and encoded as appropriate. Do not rely on the caller for correctness or safety; enforce least privilege, apply proper encoding, and maintain thorough logging for audit purposes.

Relation to data provenance: caller-provided data contrasts with server-generated or system-provided data, such as session identifiers, timestamps, and internal records.

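An added example (not from the original page) of the handling described above: caller-provided fields are schema-checked and normalized, while session identifiers, timestamps and the callerProvided flag itself are assigned by the server. The schema, the field names and the `build_record` function are assumptions made for illustration.

```python
import logging
import re
import secrets
import time
import unicodedata

# Hypothetical schema for a profile-update request: field -> (type, max length, pattern).
SCHEMA = {
    "display_name": (str, 40, re.compile(r"[\w .'-]+")),
    "locale": (str, 5, re.compile(r"[a-z]{2}(-[A-Z]{2})?")),
}
# Fields only the server may set; a caller-supplied copy is discarded, never merged.
SERVER_ONLY = {"session_id", "created_at", "callerProvided"}


class Rejected(ValueError):
    """Raised when caller-provided data fails validation."""


def build_record(payload: dict) -> dict:
    """Validate a caller-provided payload; return a record with server-assigned provenance."""
    if not isinstance(payload, dict):
        raise Rejected("payload must be an object")
    unknown = set(payload) - set(SCHEMA) - SERVER_ONLY
    if unknown:
        raise Rejected(f"unknown fields: {sorted(unknown)}")
    dropped = SERVER_ONLY & set(payload)
    if dropped:  # audit trail: log field names only, never the untrusted values
        logging.warning("discarded caller-supplied server-only fields: %s", sorted(dropped))
    record = {}
    for name, (typ, max_len, pattern) in SCHEMA.items():
        if name not in payload:
            raise Rejected(f"missing field: {name}")
        value = payload[name]
        if not isinstance(value, typ):
            raise Rejected(f"wrong type for {name}")
        value = unicodedata.normalize("NFKC", value).strip()  # normalize before checking
        if len(value) > max_len or not pattern.fullmatch(value):
            raise Rejected(f"constraint failed for {name}")
        record[name] = {"value": value, "callerProvided": True}
    # Server-generated values: the provenance flag is set here, not read from the caller.
    record["session_id"] = {"value": secrets.token_hex(16), "callerProvided": False}
    record["created_at"] = {"value": int(time.time()), "callerProvided": False}
    return record


# Constructed sample input: the caller tries to supply a server-only field.
sample = {"display_name": "  Ａlice  ", "locale": "en-GB", "session_id": "client-chosen"}
result = build_record(sample)
```

Output encoding is left to the point where a value is rendered or stored, since the correct encoding depends on that context.
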
See also input validation, server-side processing, data provenance, and data sanitization.