database design – Databse-Server connection to public Internet is unsercure

I know that a databse connection to the public internet is a “no-go” and connected with a lot of threats.
The best practice would for example be an application server but my question now is, does anyone know official sources where the threats of a public databse connection is described or why it should not be done?