Web Services communicate between servers that listen on specific ports for SOAP messages.

Web Servers are peripheral to Web Services. The servers can reside on the same type of box but a web servers servers web pages while a SOAP server recieves & forwards SOAP messages only.

The SOAP listener sits on a nominated port (which is published in the WSDL definintion for the service being requested) on a tcp/ip connected server. The SOAP listener examines the request type in the SOAP message to determine which internal task (which will itself be listening on another port) and dipatches the request to the task on that other port.

Web Services don't actually need web servers. They tend to though because web servers will typically provide the *.wsdl documents that provide the IDL info for accessing the service.

A UDDI server is kind of a cross between a web server and a web services server. They will normally respond to both HTTP & SOAP requests.

So the security issues you talk about relate to how to screw a web services server & this is a bit different from stuffing up a web server.

Cheers

Doug