Is creating an internal API within a VPN a recommended practice for securing database access for customer-facing applications?
The InfoSec team of the client I work with has mandated that any customer-facing application’s backend should not directly access the database for that application. They require we create another internal API that is not public and call th…