Internet security
The last ring is the outside world, that is, the Internet. Generally speaking, we don't want to expose our MariaDB database server directly to the Internet ever. It's not that MariaDB is especially vulnerable, any more than any other piece of software, it's just that it's never necessary to expose it to the Internet and part of good security is to not expose something unless we have to (in the same way that a poker player doesn't want to reveal his hand to the other players). When MariaDB is running on a web server, the web server software can connect directly with no need for a network connection. If our MariaDB server is separate from our web server, then we can almost always connect the two of them together over our internal network and, if not, we can set up some sort of secure tunnel between the two.
Note
If you do think you've found a legitimate reason to expose your MariaDB server to the entire Internet, I strongly encourage you to talk with one of the many fine MariaDB...
