I just try to understand the process of deploying enterprise apps.
My app is on a webserver which is accessable from the outside as well, which gives me the possibility to install the app at home. This seems like a security breach for Apple, I mean anyone could make a website which offers enterprise apps to any device. What is the limitation here ?
I couldn't find any information about this in the apple documentation, an official link would be great.
There is no limitation You shouldn't distribute the app to people who doesn't work in your enterprise, but apple can't control it. (to be clear, they can know if you are using the certificate, but they can't know if the people who installs the app work for you)
The only "limitation" is the fear to be discovered by apple because they will delete your account.
BTW, the security breach isn't for apple, it's for you, you should use a password in your webserver
From the Distributing Enterprise Apps Guide:
Requirements: A secure web server that authenticated users can access