linux
Vasiliy Adminko, 2015-11-13 00:07:27

Is it safe to open a mysql port to the world?

Good afternoon. There is a web server running Ubuntu. On this server, only port 80 is exposed to the world.
There are 5 sites on this server. Each site has its own user in the OS and in the MySQL database. The MySQL service listens only on IP 127.0.0.1.
Is it safe to open port 3306 to the world?
What rights should be given to a user, for example "webuser1", to import and export the MySQL database?
It is needed for developers, for only one site.


5 answer(s)
PrAw, 2015-11-13
@iam_iam23

Yes, it is unsafe. Alternatives:
1. Set up a VPN; access to MySQL from the outside only via the VPN, not directly (cut it off in iptables).
2. (I use this myself) Let developers in with port forwarding via ssh. I set up PuTTY (batch file):
putty.exe -ssh [email protected] -L 3396:localhost:3306
As a result, any convenient and familiar software can be used on the computer by specifying
127.0.0.1:3396 as the database server; from the server side these look like connections from localhost.
On the server, create a separate user with minimal rights - he does not even have to enter the shell, only reach the local socket, plus set up certificate authorization for complete convenience.
An additional bonus: using the "-C" switch will also compress the data, which can have a pleasant effect on the transfer rate of well-compressible data.
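
An added check, not part of the answers on this page or of any project's code: it audits the setup described above (MySQL kept on loopback, a tunnel-only SSH account that can forward to local port 3306 and nothing else). The account name dbtunnel and both sample configurations are constructed assumptions.

```python
import re

# Constructed sample configs (not from the page); "dbtunnel" is a
# hypothetical account name for the tunnel-only user.
SSHD_HARDENED = """\
PasswordAuthentication no
Match User dbtunnel
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:3306
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /usr/sbin/nologin
"""
SSHD_WEAK = "Match User dbtunnel\n    AllowTcpForwarding yes\n"
MYCNF_LOCAL = "[mysqld]\nbind-address = 127.0.0.1\n"
MYCNF_OPEN = "[mysqld]\nbind-address = 0.0.0.0\n"

def match_block(sshd_text, user):
    """Return {keyword: value} for the 'Match User <user>' block, keywords lowercased."""
    opts, inside = {}, False
    for raw in sshd_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, _, val = line.partition(" ")
        if key.lower() == "match":
            parts = val.split()
            inside = len(parts) == 2 and parts[0].lower() == "user" and parts[1] == user
        elif inside and key:
            opts.setdefault(key.lower(), val.strip())  # first value wins, as in sshd
    return opts

def audit(sshd_text, mycnf_text, user):
    """List findings; an empty list means the tunnel-only setup holds."""
    findings = []
    bind = re.search(r"^\s*bind[-_]address\s*=\s*(\S+)", mycnf_text, re.M)
    if not bind or bind.group(1) not in ("127.0.0.1", "localhost", "::1"):
        findings.append("mysqld is not bound to loopback only")
    o = match_block(sshd_text, user)
    if o.get("allowtcpforwarding") != "local":
        findings.append("forwarding not limited to local (-L) tunnels")
    if set(o.get("permitopen", "any").split()) - {"127.0.0.1:3306", "localhost:3306"}:
        findings.append("PermitOpen allows targets other than local MySQL")
    if o.get("permittty") != "no" or "forcecommand" not in o:
        findings.append("account can still obtain an interactive shell")
    return findings
```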

Robot, 2015-11-13
@iam_not_a_robot

In the my.cnf file, you can set a whitelist of external IPs that can communicate with the database on this server, so open the port, enter the IPs of the required servers, and that's it.

sivabur, 2015-11-13
@sivabur

No

Victor Taran, 2015-11-13
@shambler81

It is not safe to open ports in general.
There are several options:
1. Forward a tunnel; ssh sets up tunnels to ports very easily.
2. Treat the programmers: it is unlikely that they need access to the database directly; more likely they do not know how to use plain ssh.
3. Open it on the external side with the mandatory indication of the only IP from which it is possible to do this, and, accordingly, remove it as soon as you finish.

Alexander, 2015-11-16
@akalend

I always forward the port through ssh; it's very convenient and there are no problems on the server.
