General questions OTA deployment

I expand a bit, maybe I have the wrong understanding.

Using Testflight the app is secure, it can only be downloaded by internal and external users.

I developed the under a personal ($99) developer license.

In the App Store all apps are public by nature, anyone can download the app.

So I recommended Enterprise Developer ($299) to my customer.

To pubish the app I put the ipa, html and plist "on a secore server ?".

App users can then download the app using a URL (sample):

itms-services://?action=download-manifest&url=https%3a%2f%2fwww.dropbox.com%2fhome%2fMBSBPREQ%2fMBSB_iOS.plist

(Btw, the above link shows as a valid URL on iPhone, it shows as text on iPad 11).

The link is sent by emai to the iPad users (I only use iPad Mini).

What stops users of passing such a link to others ?

Or is there a login mechanism in the secure server which can be used to athenticate users ?

I think I am totally on the wrong track with this.

Please advise if you can.

Tbh I would much prefer to use Testflight permanently but unfortunately the builds expire after 90 days.

Many thanks in advance.

Johan

According to the Enterprise Developer license agreement, it is up to the owner of the Enterprise Developer account to ensure that it is only installed by authorized users (generally their own employees). So you are correct that putting it somewhere that anyone can access it is not a good idea. Even with a login requirement, I guess someone could share their login info, but it if they see the same user name being used for a bunch of installs, they could take appropriate action.