Are there other sources of input to a contract than transaction data or the invocation of other contracts?
I've wondered whether there are other sources of input to a contract than those mentioned above?
If not, how does a contract check for authenticity of the input? Is the calling/called address enough to guarantee that input is only received from those sources?
Yes, aside from transaction parameters and call messages there are also block headers and potentially, very occasionally, protocol changes, usually by hard forks.
Some information from block headers can be read directly by the contract with variables like block.timestamp. You can also get the block.blockhash, which by extension can provide proof of any other data in the block. Data you see here can trusted by contracts to the extent that the protocol is able to enforce them. This can be quite complex - for example see Can a contract safely rely on block.timestamp?
Protocol changes can alter data in storage or the meaning of function calls. They are trusted to the extent that if you didn't think a particular chain using particular software was legitimate then you wouldn't care what result the contract got first place.
are there other sources of input to a contract than those mentioned above?
No. The only way in is a transaction / call by another contract.
how does a contract check for authenticity of the input?
This is done by the miners, and the rest of the network which verifies the correctness of the transaction. You send out a transaction to a smart contract, and by processing the transactions, the above mentioned parties check, if the smart contract actually allowes you to do what you are trying to (e.g. set a String to a certain value) or not.
