Added a config var to HGInventoryAccessModule called OutboundPermission that controls whether the sim lets asset POSTs happen to foreign grids or not. It's True by default. If ppl want to allow foreign visitors but don't want to allow any assets out of their grid, they should set this to False. This is the beginning of policies for these things...

OpenSim/Region/CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs

@@ -55,6 +55,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
         }
 
         private string m_ProfileServerURI;
+        private bool m_OutboundPermission;
 
 //        private bool m_Initialized = false;
 
@@ -78,7 +79,10 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
 
                     IConfig thisModuleConfig = source.Configs["HGInventoryAccessModule"];
                     if (thisModuleConfig != null)
+                    {
                         m_ProfileServerURI = thisModuleConfig.GetString("ProfileServerURI", string.Empty);
+                        m_OutboundPermission = thisModuleConfig.GetBoolean("OutboundPermission", true);
+                    }
                     else
                         m_log.Warn("[HG INVENTORY ACCESS MODULE]: HGInventoryAccessModule configs not found. ProfileServerURI not set!");
                 }
@@ -103,7 +107,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
         public void UploadInventoryItem(UUID avatarID, UUID assetID, string name, int userlevel)
         {
             string userAssetServer = string.Empty;
-            if (IsForeignUser(avatarID, out userAssetServer))
+            if (IsForeignUser(avatarID, out userAssetServer) && m_OutboundPermission)
             {
                 Util.FireAndForget(delegate { m_assMapper.Post(assetID, avatarID, userAssetServer); });
             }
@@ -197,7 +201,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
             if (IsForeignUser(sender, out userAssetServer))
                 m_assMapper.Get(item.AssetID, sender, userAssetServer);
 
-            if (IsForeignUser(receiver, out userAssetServer))
+            if (IsForeignUser(receiver, out userAssetServer) && m_OutboundPermission)
                 m_assMapper.Post(item.AssetID, receiver, userAssetServer);
         }
 

bin/config-include/GridCommon.ini.example

@@ -88,6 +88,10 @@
     ; accessible from other grids
     ;
     ProfileServerURI = "http://mygridserver.com:8002/user"
+	;; If you want to protect your assets from being copied by foreign visitors
+	;; uncomment the next line. You may want to do this on sims that have licensed content.
+	; OutboundPermission = False
+
 
 [Modules]
     ;; Choose 0 or 1 cache modules, and the corresponding config file, if it exists.

bin/config-include/HyperSimianGrid.ini

@@ -82,3 +82,14 @@
 
 [Profiles]
     Module = "SimianProfiles"
+
+[HGInventoryAccessModule]
+    ;
+    ; === HG ONLY ===
+    ; Change this to your profile server 
+    ; accessible from other grids
+    ;
+    ProfileServerURI = "http://mygridserver.com:8002/user"
+	;; If you want to protect your assets from being copied by foreign visitors
+	;; uncomment the next line. You may want to do this on sims that have licensed content.
+	; OutboundPermission = False

bin/config-include/StandaloneCommon.ini.example

@@ -33,6 +33,10 @@
 
 [HGInventoryAccessModule]
     ProfileServerURI = "http://127.0.0.1:9000/profiles"
+	;; If you want to protect your assets from being copied by foreign visitors
+	;; uncomment the next line. You may want to do this on sims that have licensed content.
+	; OutboundPermission = False
+
 
 [Modules]
     ;; Choose 0 or 1 cache modules, and the corresponding config file, if it exists.